kz26 Posted January 7, 2007 Share Posted January 7, 2007 I have created a custom payload that will be used on computers protected by Symantec Antivirus Corporate Edition. I have read that many of the NirSoft utilities are detected as viruses. How would I go about encrypting the EXE files so that it can run without being detected? Quote Link to comment Share on other sites More sharing options...
Darren Kitchen Posted January 7, 2007 Share Posted January 7, 2007 normally you'd use a packer program to repackage the executable with a new signature, but depending ont he packer and the antivirus results may vary. if you know your target is protected you might want to think about using alternate tools, or run your payload in a sandbox. I'm sure you can scrounge up a copy of norton for testing purposes. Quote Link to comment Share on other sites More sharing options...
kz26 Posted January 7, 2007 Author Share Posted January 7, 2007 what are some good packers? morphine and UPX don't really help Quote Link to comment Share on other sites More sharing options...
remkow Posted January 7, 2007 Share Posted January 7, 2007 The best ones are the ones made by yourself, because the AV vendors won't have any idea on how it works. Maybe try getting a private one somewhere, or use multiple packers on the same file. Quote Link to comment Share on other sites More sharing options...
majk Posted January 7, 2007 Share Posted January 7, 2007 There are programs made for encrypting RATs (remote administration trojans) to avoid anti-virus detection. Try searching on some RAT/trojan related sites. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.