Python Ethical Hacking - TROJANS Analysis(3)

BYPASSING ANTI-VIRUS PROGRAMS

AV programs detect viruses based on:

1. Code - compare files to huge databases of signatures.

    ->Use own code, obfuscation, useless operations, encode, pack ...etc

2. Behaviour - run a file in a sandbox and analyze it.

   -> Run trusted operations before evil code.

   ->Delay execution of evil code.

 

Scan the file on the following website:

NoDistribute - Online Virus Scanner Without Result Distribution

https://nodistribute.com/

 

 

Using UPX to Package the executable program.

https://upx.github.io/

Download the file from https://github.com/upx/upx/releases/download/v3.95/upx-3.95-amd64_linux.tar.xz.

And extract to the /opt folder.

 

 Compress the evil file through UPX.

./upx /root/PycharmProjects/reverse_backdoor/dist/reverse_backdoor.exe -o compressed_backdoor.exe

 

 

Scan the compressed_backdoor.exe file, the result is a little better.

 Take your file Unique and delay to execute the evil code to let the AV program think your program is harmless.

posted @ 2019-10-13 16:13  晨风_Eric  阅读(363)  评论(0编辑  收藏  举报