[Q] Hiding from AV with a file binder.

[UnKn0wnBooof]

Ok,

So I've been doing my research and I've tried a few file binders, but when I scan the outputted file with https://www.virustotal.com/uk/ , It's still detected as a virus. Anyone know of some good file binders?

Thanks.

[tom564]

Ok,

So I've been doing my research and I've tried a few file binders, but when I scan the outputted file with https://www.virustotal.com/uk/ , It's still detected as a virus. Anyone know of some good file binders?

Thanks.

I played around with veil using a reverse meterpreter payload and py2exe and was able to make an undetected file. I also read somewhere to not use virus total as it may result in quicker detection as they share signatures but i don't currently remember the alternative.

[GuardMoony]

Almost any virus scanning side will share its files with AV companies or researchers.

I dont know where i got the info from. But you could change the wrapper/packer code from meterpreter to make it lesser detectable. The persone did test with this and only doing miner changes he made

the method of meterpreter to only 1/2 out of 32 AV's.

If you google arround you can find enough tutorials on it.

[mreidiv]

"Rob Fuller (@mubix) created a great tool called VT-Notify. VT-Notify works by sending a SHA1 hash of a binary to VirusTotal through its API. The key thing to note here is that your payload is not uploaded to VirusTotal, simply its SHA1 hash. VirusTotal then uses the SHA1 hash against its AV solutions, and let’s you know if any of the SHA1 hashes have been flagged/detected by any of the antivirus solutions it has available. Again, while we still think it’s best to not submit any information anywhere, this is the best solution for checking to see if your payloads have been flagged."

Taken from the web. Never scan you pay load directly with an av.