NotSoHarmfulDLL is a Windows DLL that simulates malware-like behavior for cybersecurity research and training. This module is inspired by the Pikabot malware campaign and replicates some of its anti-analysis techniques, including:
β
Checking system language (exits if Russian ru-RU or Ukrainian uk-UA is detected).
β
Ensuring a single instance by creating a hardcoded mutex ({A77FC435-31B6-4687-902D-24153579C738}).
β
Designed for educational use and does not perform harmful actions.
π Research References:
π¨ This project is for educational purposes only. It does not contain malicious code but simulates anti-analysis techniques used by real malware. Use responsibly in authorized research environments.
- Uses
GetUserDefaultUILanguage()to detect system language. - If the system language is Russian (0x0419) or Ukrainian (0x0422), execution is stopped.
- Write output to a text file before exiting.
- Uses
CreateMutexA()to prevent multiple instances of the DLL from running. - If another instance is found, execution immediately exits.
To compile the DLL on a Linux system:
x86_64-w64-mingw32-gcc -shared -o notsoharmfuldll.dll notsoharmfuldll.c -Wallβ This generates notsoharmfuldll.dll, which can be executed on Windows.
To execute the DLL on Windows, run:
rundll32.exe notsoharmfuldll.dll,RunNotSoHarmfulπ¨βπ» Created for cybersecurity research & education. Use responsibly! π