Jump to content

[Q] Hiding from AV with a file binder.


UnKn0wnBooof

Recommended Posts

Ok,

So I've been doing my research and I've tried a few file binders, but when I scan the outputted file with https://www.virustotal.com/uk/ , It's still detected as a virus. Anyone know of some good file binders?

Thanks.

I played around with veil using a reverse meterpreter payload and py2exe and was able to make an undetected file. I also read somewhere to not use virus total as it may result in quicker detection as they share signatures but i don't currently remember the alternative.

Link to comment
Share on other sites

Almost any virus scanning side will share its files with AV companies or researchers.

I dont know where i got the info from. But you could change the wrapper/packer code from meterpreter to make it lesser detectable. The persone did test with this and only doing miner changes he made

the method of meterpreter to only 1/2 out of 32 AV's.

If you google arround you can find enough tutorials on it.

Link to comment
Share on other sites

"Rob Fuller (@mubix) created a great tool called VT-Notify. VT-Notify works by sending a SHA1 hash of a binary to VirusTotal through its API. The key thing to note here is that your payload is not uploaded to VirusTotal, simply its SHA1 hash. VirusTotal then uses the SHA1 hash against its AV solutions, and let’s you know if any of the SHA1 hashes have been flagged/detected by any of the antivirus solutions it has available. Again, while we still think it’s best to not submit any information anywhere, this is the best solution for checking to see if your payloads have been flagged."

Taken from the web. Never scan you pay load directly with an av.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...