exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 1 of 1 RSS Feed


Posted Sep 7, 2006
Authored by Craig Heffner | Site craigheffner.com

While there are some easy ways of changing the antivirus signature of a program (packers, encryptors, etc), they may not always be viable options for those wishing to bypass antivirus applications. This paper will show how to locate the signature used to identify Netcat, and modify it so that the executable no longer matches Symantec's AV signature, without interfering with any of the program's functionality. This is an exercise in identifying and modifying sections of code (aka, signatures) that are used by antivirus programs to identify malicious code; the tools and techniques used here can be applied to any program that is marked as malicious by AV applications.

tags | paper, virus
SHA-256 | acfa9cdef5c30cd4848dccab719ac832c6ce65cf0aae70ef4dc41ad12ea37fd7
Page 1 of 1

Top Authors In Last 30 Days

packet storm

© 2022 Packet Storm. All rights reserved.

Security Services
Hosting By