bypassav.txt

Posted Aug 31, 2004
Authored by Klemster, indiasec | Site indiasec.com

White paper explaining how to try and bypass detection from antivirus software by recompiling the same code with a few minor changes.

SHA-256 | ed996b12d0f2df8baf46b0eb9266cbde4f7134bafe3dd50cd775fe7dd5ff08c9

Recompiling Code to Bypass Detection by an Antivirus
----------------------------------------------------

By klemster | klemster@weed5.org
Visit Weed5 Computer Security Group http://www.weed5.org/ for more

====================================================================
Contents
--------

Recompiling Code to Bypass Detection by an Antivirus

Disclaimer

====================================================================
Recompiling Code to Bypass Detection by an Antivirus

Any trojan/backdoor/virus/worm, etc. that is released is mostly
detected by any antivirus within a week of its release. This is
because the antivirus companies constantly update their signature
databases: they extract a unique signature from the virus and use
it to detect the virus.
Mostly, if one version of the program is detected, then all the
other versions of the code are also detected. So, to make a program
that is already detected by an antivirus bypass the detection,
you will need to recompile it in a different way.

I had made a keylogger called skl0g about three years ago, and
it of course started getting detected by the antiviruses after its
release. Now, I decided to make a better version of the keylogger.
After compiling the new code, I realised that even this was getting
detected.
Therefore, to figure out what signature of the program the
antivirus (Norton) was using, I opened the compiled binary file
in Notepad. In the data was this:
\A D : \ h a c k \ s t a l l I O n s \ s k l o g \ s k l o g . v b p
This is the path of the visual basic code for skl0g. So, all I
did was copy the old code (the first version) to a new folder and
compiled it. The same program that was detected by Norton was not
detected when it was compiled in a new directory. No changes were
made to the code. The only difference was that it was compiled in
a new directory.
Therefore, this is a very easy way to bypass the antivirus by
just recompiling the code in a new directory. Please note, this is
for Visual Basic code.
If your program is in another language, try opening the
compiled binary in some text-viewer and check for signatures of the
program that the antivirus may be using. All you have to do is
rename the value that the antiviruses use and recompile the code.
For example: If you have used a file called abcdef.xyz and you can
see that value in the binary file, try renaming the file to
something else and recompiling the code.
This paper might not be entirely correct, but it helps in many
situations to try the methods. If you come up with anything else,
please feel free to mail me at klemster@weed5.org
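
Seen from the signature author's side, the result above means that a
pattern taken from an embedded build path identifies one build
directory, not the program. The Python sketch below is an added
example, not part of the original paper: it lists UTF-16LE strings in
a sample, flags embedded project paths, and rejects candidate
signatures that overlap them. The sample bytes, paths and function
names are constructed for illustration.

```python
import re

def build(path):
    """Constructed stand-in for a compiled binary: shared code bytes plus the
    project path stored as UTF-16LE (the spaced-out text seen in Notepad)."""
    code = b"MZ\x90\x00" + b"\x55\x8b\xec\x83\xec\x10" * 4
    return code + path.encode("utf-16-le") + b"\x00\x00" + b"\xc3" * 8

# Placeholder paths (assumptions): same source, two build directories.
OLD = build(r"C:\src\projA\sample.vbp")
NEW = build(r"C:\tmp\copy\sample.vbp")

WIDE = re.compile(rb"(?:[\x20-\x7e]\x00){6,}")   # 6+ printable chars as UTF-16LE
PATH = re.compile(r"[A-Za-z]:\\.*\.vbp", re.I)   # absolute path to a VB project

def wide_strings(data):
    """Return (offset, text) for every UTF-16LE string found in data."""
    return [(m.start(), m.group().decode("utf-16-le")) for m in WIDE.finditer(data)]

def build_paths(data):
    """Wide strings that look like an embedded project path (build artifact)."""
    return [(off, s) for off, s in wide_strings(data) if PATH.search(s)]

def lint_signature(sig, sample):
    """Classify a candidate byte signature as 'absent', 'build-artifact' or 'ok'."""
    pos = sample.find(sig)
    if pos < 0:
        return "absent"
    for off, text in build_paths(sample):
        end = off + 2 * len(text)                # two bytes per character
        if pos < end and off < pos + len(sig):   # byte ranges overlap
            return "build-artifact"
    return "ok"

PATH_SIG = r"C:\src\projA\sample.vbp".encode("utf-16-le")
CODE_SIG = b"\x55\x8b\xec\x83\xec\x10"           # bytes shared by both builds

if __name__ == "__main__":
    for name, sig in (("path", PATH_SIG), ("code", CODE_SIG)):
        print(name, lint_signature(sig, OLD), lint_signature(sig, NEW))
```

A pattern the lint marks as build-artifact should be replaced with one
drawn from bytes that survive a rebuild; the recovered path is still
worth recording as a forensic artifact of the build environment.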

====================================================================
DISCLAIMER

There is no guarantee on the accurateness of this text and
this is subject to change anytime. This text is meant only for
educational purposes. Following or reading this text is entirely at
the choice and risk of the user. I will not be responsible directly
or indirectly for any damages caused due to reading this, or
abuse/misinterpretation of this paper.

====================================================================

klemster | klemster@weed5.org