Antivirus Evasion with Python

Hardly, most ML/DL engines convict based on packers now. If you're still working with identity-based engines, then potentially. Even then, that's what VirusTotal says; if you build a sandbox and rely on dynamic analysis/runtime detection once it's been unpacked, the known malware is then detected.

I'm surprised at py2exe having zero detections on VT; based on the binary being unsigned and untrusted, most AV or not should convict that even as a PUA, unless it's been compiled on the host that you want it to run on.

VT is an epic resource; however, when you're doing pentests or red team and want to stay stealthy, building a sandbox and doing dynamic analysis on your payload is critical because VT alone will often get you caught.

Interestingly, this is often how I've been engaged to do threat simulation. A CIO will read this blog post, then be like "zero detections, this industry is a scam", and then we're engaged to build malware in a similar manner and measure the efficacy of their defences.

