Hi guys,

I’ve been working on a C++ malware, but I can not evade AV, even with multiple obfuscation/process hollowing/not touching disk… I tried at least 30 solutions, but my final file is an exe, and I think the problem is here.

Because exes are the most common form, I understand that AV will look very closely at unsigned exes… I could just change the form to a dll and run it with rundll32 and a batch, but it seems to be caught too. Online AV scanners catch it less in dll form, but still…

I could use hta files, or macros, but I’m not sure of the best form, or how to run complex functions (like persistence, running other processes).

Any ideas to share on this?

  • Tmpod
    3 years ago

    Is this form of post content allowed? I’d expect malware not to be endorsed here 👀

    • soronixa
      3 years ago

      I guess people need to do it in order to gain experience, the same way people do penetration testing and stuff. So it’s OK as long as it’s for educational purposes.