Tuts 4 You

Bypass Antivirus Dynamic Analysis

Teddy Rogers

About This File

"Antivirus is easy to bypass." "Antivirus is mandatory in defense in depth." "This cryptor is FUD." These are some of the sentences you hear when doing research on antivirus security. I asked myself: is it really that simple to bypass AV? After some research I came (like others) to the conclusion that bypassing antivirus consists of two big steps:

1. Hide the code which may be recognized as malicious. This is generally done using encryption.
2. Code the decryption stub in such a way that it is neither detected as a virus nor bypassed by emulation/sandboxing.

In this paper I will mainly focus on the second step: how to fool antivirus emulation/sandboxing systems.

I set myself a challenge to find half a dozen ways to make a fully undetectable decryption stub (in fact I found far more than that). Here is a collection of methods. Some of them are very complex (and most "FUD cryptor" sellers use one of these). Others are so simple I don't understand why I've never seen them before. I am pretty sure underground and official virus writers are fully aware of these methods, so I wanted to share them with the public.

