{"title":"使用代码突变生成防病毒规避可执行文件","authors":"Stefan Nicula","doi":"10.12948/ISSN14531305/22.2.2018.08","DOIUrl":null,"url":null,"abstract":"The paper is focus around developing a utility tool based on a python component and a C++ stub in order to compile executable Windows files that are capable of staying undetected to Antivirus solutions. The research process was focused around Antivirus software's ability to detect a malicious file and methods of bypassing the identified techniques. Dependencies and auxiliary links of the project are defined as inputs from the user as well as support software and frameworks designed to provide malicious payload with listeners and handlers for the generated shellcode. Overall, the utility tool is able to receive shellcode and one encryption key as input and generate malware in the shape of a Windows executable file that is able to successfully run and bypass Antivirus detection.","PeriodicalId":53248,"journal":{"name":"Informatica economica","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2018-06-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"Generating Antivirus Evasive Executables Using Code Mutation\",\"authors\":\"Stefan Nicula\",\"doi\":\"10.12948/ISSN14531305/22.2.2018.08\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The paper is focus around developing a utility tool based on a python component and a C++ stub in order to compile executable Windows files that are capable of staying undetected to Antivirus solutions. The research process was focused around Antivirus software's ability to detect a malicious file and methods of bypassing the identified techniques. Dependencies and auxiliary links of the project are defined as inputs from the user as well as support software and frameworks designed to provide malicious payload with listeners and handlers for the generated shellcode. Overall, the utility tool is able to receive shellcode and one encryption key as input and generate malware in the shape of a Windows executable file that is able to successfully run and bypass Antivirus detection.\",\"PeriodicalId\":53248,\"journal\":{\"name\":\"Informatica economica\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2018-06-30\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Informatica economica\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.12948/ISSN14531305/22.2.2018.08\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Informatica economica","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.12948/ISSN14531305/22.2.2018.08","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Generating Antivirus Evasive Executables Using Code Mutation
The paper is focus around developing a utility tool based on a python component and a C++ stub in order to compile executable Windows files that are capable of staying undetected to Antivirus solutions. The research process was focused around Antivirus software's ability to detect a malicious file and methods of bypassing the identified techniques. Dependencies and auxiliary links of the project are defined as inputs from the user as well as support software and frameworks designed to provide malicious payload with listeners and handlers for the generated shellcode. Overall, the utility tool is able to receive shellcode and one encryption key as input and generate malware in the shape of a Windows executable file that is able to successfully run and bypass Antivirus detection.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
