HaktiriX

Active Members
  • Posts

    11

Everything posted by HaktiriX

  1. HaktiriX

    AV

    Well, my computer seems to be kinda immune to Gandalf's package too, haven't tested with the others... yet... :p //Maybe a code error?
  2. I can do that with a WinRAR/UPX/UHARC compression as well... though UHARC probably is listed as an "illegally used compressor"... but my, are we getting away from topic... nice job as always 8-)
  3. Well... I still prefer .rar, but you know that :p Though I don't think that there are many AVs that will scan .7zip properly, simply because it isn't really a much used format...
  4. HaktiriX

    PCGuard

    Depending on how well the AV does its job of checking memory constantly, your little payload would probably work pretty well, until some AV company finds out about it... :-P So, yes, theoretically speaking it would work... safest method to find out is still a virtual server and testing it :)
  5. HaktiriX

    PCGuard

    I'm not exactly sure I understand your question... The program would be run like any normal payload, with the difference that it decrypts itself into memory at some point... which would be pretty much the only point it would be detectable... The AV wouldn't be able to detect it as a known 'virus', except of course, if it is a bad encryption, or it somehow behaves stupidly... Well, if we look at my post here, you see the same conclusions from sablefoxx, though he stated it clearer... the program will be caught in memory or in the decrypter embedded in the file, though there are workarounds for both... BTW Sc0rpi0, I would NOT recommend creating a rootkit though, since it makes the targeted system VERY unstable and misconfigures it pretty badly too, that is, if you aren't an expert on what you are doing... Whatever you choose, good luck :-)
  6. I'm afraid that a process hider would involve either of the 2 named methods... either a rootkit (which is always bad...), or recompiling it to system...
  7. HaktiriX

    PCGuard

    Well, theoretically speaking, we are talking about somewhere between some milliseconds and maybe a few seconds, depending on the encryption used... I'm not exactly sure I understand your question... The program would be run like any normal payload, with the difference that it decrypts itself into memory at some point... which would be pretty much the only point it would be detectable... The AV wouldn't be able to detect it as a known 'virus', except of course, if it is a bad encryption, or it somehow behaves stupidly...
  8. Although very nice indeed, you might want to include a process hider, as cmd is shown in the ctrl+alt+del menu, and one can hear the hard drive suddenly starting to work... (though these things may be ignored) And my AV detects a pretty big lot of infected files inside of the .7zip...
  9. HaktiriX

    PCGuard

    Theoretically, if you encrypt the file strongly enough it wouldn't be found by an AV, though it would take longer for the file to run; the stronger the encryption is, the longer it takes to decode it...