Hi guys,

I’ve been working on C++ malware, but I cannot evade AV, even with multiple obfuscation / process hollowing / not touching disk… I tried at least 30 solutions, but my final file is an exe, and I think the problem is here.

Because exes are the most common form, I understand that AV will look very closely at unsigned exes… I could just change the form to a DLL and run it with rundll32 and a batch file, but it seems to be caught too. Online AV gets fewer AV detections in DLL form, but still…

I could use HTA files or macros, but I’m not sure of the best form, or how to run complex functions (like persistence, running other processes).

Any ideas to share on this?

  • TheOPtimal
    23 years ago

    Encode the obfuscated exe in base64 multiple times and decode it in a batch file. Obfuscate the batch file as well.