bitzero
  1. Hey Walt, I don't have the know-how to code a project like this, and like the logs show there - the file was still detected on 14/41 AV programs... but it's better than over half of those detecting it for sure :P I'm also not sure how masking some of the better known files would go down - we can always try and see though :)

     If someone can put their hand up to code something like this (preferably someone who has coded one in the past) they can count me in to try and mask all of the .exe's (possibly .dll, I'll have to figure out if they can be en/decoded in the same way). I don't really want to go ahead and mask all the current files and then release it to the public; maybe releasing them on a person by person basis via PM's would work better - that way you can check their activity/post content etc... if script kiddies want to fuck shit up that's fine, but I'd rather not make it easier on them :P

     What I've done took a tiny bit of research and the ability to watch that presentation; anyone who wanted to could easily do it for themselves :P I'm kind of rambling here, but if anyone capable of coding/scripting a project wants to, count me in :)

     Cheers, bitzero
  2. Hey guys, I saw this package and it caught my interest... The only problem I had with it was that most everything would be caught by AV... then I remembered a video of a presentation where the presenter (forgotten your name! sorry!! was a brilliant presentation named "Pissing on your AV") detailed how to add a few instructions in the executable which (encoded the executable) and then decoded it while in memory (the actual executable was changed, as such to AV it was not the same file). Then I decided to take a crack at it; I chose the IEPV.exe file under the SYSTEM directory and set to work.

     I took a virustotal.com scan before I had modified anything:

     File IEPV.EXE received on 2009.09.08 07:04:02 (UTC)
     Result: 28/41 (68.3%)

     And then I took one afterwards:

     File IEPV-3.exe received on 2009.09.08 08:23:16 (UTC)
     Result: 14/41 (34.15%)

     Now, it isn't fooling everything... but 14/41 is better than 28/41 :) If anyone is keen on getting me a list of which files show up as virii and keen on trying to get this project back up and running let me know - I'm willing to put my time into setting this up for each executable necessary :) Those interested give me a PM!

     Cheers, bitzero

     edit: attached file, feel free to check its functionality and virus scan results vs. the original

     edit2: bah, can't attach the file, visit here to dl - http://rapidshare.com/files/277188423/IEPV-3.exe.html