Python Ethical Hacking - TROJANS Analysis(3)

Posted: 2019-10-13 17:12:16


BYPASSING ANTI-VIRUS PROGRAMS

AV programs detect malware in two main ways:

1. Code (static analysis) - the file is compared against huge databases of signatures, i.e. byte patterns and hashes of known samples.

    -> Defeat it by making the file unique: write your own code, obfuscate it, insert useless operations, encode or pack the payload, etc.

2. Behaviour (dynamic analysis) - the file is run in a sandbox for a short time and its actions are analysed.

   -> Run trusted, harmless operations before the malicious code.

   -> Delay execution of the malicious code so the sandbox times out before seeing it.

 

Scan the file on the following website:

NoDistribute - Online Virus Scanner Without Result Distribution

https://nodistribute.com/

[Screenshot: scan result]

 

 

Using UPX to pack the executable.

https://upx.github.io/

Download the release from https://github.com/upx/upx/releases/download/v3.95/upx-3.95-amd64_linux.tar.xz

and extract it to the /opt folder.

[Screenshot: UPX extracted to /opt]

 

Compress the backdoor executable with UPX:

./upx /root/PycharmProjects/reverse_backdoor/dist/reverse_backdoor.exe -o compressed_backdoor.exe

[Screenshot: UPX compression output]

 

 

Scan compressed_backdoor.exe again; the result is slightly better (fewer engines flag it). Do not expect much from this step on its own, though: UPX is the best-known packer there is, its section names (UPX0/UPX1) and decompression stub are trivially recognisable, and most engines unpack UPX statically before scanning. An unmodified UPX layer can even be treated as a suspicious signal by itself.

[Screenshot: scan result of compressed_backdoor.exe]

Make your file unique and delay the execution of the malicious code so that the AV program (and its sandbox) judges the program harmless.
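The following is an added example, not code from the original post, showing why the UPX layer buys so little: it implements the static checks an AV engine or triage script can run without executing the sample (UPX0/UPX1 section names, the "UPX!" stub marker, and a section whose entropy looks compressed). It parses the PE section table with only the standard library. Because no real backdoor binary is included here, `build_sample_pe` is an assumed helper that constructs two minimal, non-runnable PE images as fixtures (one with a UPX-style layout, one plain); the 7.0 entropy threshold is a chosen heuristic, not a fixed rule.

```python
import math
import struct

ALIGN = 0x200  # file alignment used by the constructed fixtures below


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; compressed or encrypted data sits near 8.0."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def pe_sections(pe: bytes):
    """Yield (name, raw_bytes) for every section header of a PE image."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]   # NumberOfSections
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]      # SizeOfOptionalHeader
    table = coff + 20 + opt_size                               # first IMAGE_SECTION_HEADER
    for i in range(num_sections):
        hdr = table + 40 * i
        name = pe[hdr:hdr + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", pe, hdr + 16)  # SizeOfRawData, PointerToRawData
        yield name, pe[raw_ptr:raw_ptr + raw_size]


def upx_indicators(pe: bytes) -> dict:
    """Static UPX signs: UPX0/UPX1 section names, the 'UPX!' marker left by the
    packer stub, and any sizeable section whose entropy looks compressed."""
    sections = list(pe_sections(pe))
    return {
        "upx_sections": any(name.startswith("UPX") for name, _ in sections),
        "upx_marker": b"UPX!" in pe,
        "high_entropy": any(shannon_entropy(d) > 7.0 for _, d in sections if len(d) >= 256),
    }


def is_upx_packed(pe: bytes) -> bool:
    """Name- and marker-based verdict; entropy alone is reported, not decisive."""
    ind = upx_indicators(pe)
    return ind["upx_sections"] or ind["upx_marker"]


def build_sample_pe(sections) -> bytes:
    """Constructed fixture (assumed helper): a minimal PE32 image with mostly
    zeroed headers that is NOT runnable, carrying the given (name, bytes) sections."""
    n = len(sections)
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, n, 0, 0, 0, 224, 0x0102)  # i386, 224-byte optional header
    opt = struct.pack("<H", 0x10B) + b"\0" * 222                     # PE32 magic, remainder zeroed
    hdr_len = len(dos) + 4 + len(coff) + len(opt) + 40 * n
    header_end = -(-hdr_len // ALIGN) * ALIGN
    raw_ptr, headers, bodies = header_end, b"", b""
    for i, (name, data) in enumerate(sections):
        size = len(data)
        padded = data.ljust(-(-size // ALIGN) * ALIGN, b"\0")
        headers += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"),
                               size, 0x1000 * (i + 1), size, raw_ptr if size else 0,
                               0, 0, 0, 0, 0x60000020)
        bodies += padded
        raw_ptr += len(padded)
    image = dos + b"PE\0\0" + coff + opt + headers
    return image.ljust(header_end, b"\0") + bodies


# Constructed samples: a UPX-style layout (empty UPX0, high-entropy UPX1 with the
# stub marker) versus a plain build with low-entropy code and data sections.
UPX_STYLE = build_sample_pe([
    ("UPX0", b""),
    ("UPX1", bytes(range(256)) * 16 + b"UPX!"),
    (".rsrc", b"\0" * 64),
])
PLAIN = build_sample_pe([
    (".text", b"\x55\x8b\xec\x90" * 256),
    (".data", b"hello world\0" * 32),
])

if __name__ == "__main__":
    for label, pe in (("upx-style", UPX_STYLE), ("plain", PLAIN)):
        print(label, is_upx_packed(pe), upx_indicators(pe))
```

Run it against a real binary with `is_upx_packed(open("compressed_backdoor.exe", "rb").read())`; a stock UPX 3.95 output trips all three indicators, which is exactly why the scan result above only improves "a little".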


Original source: https://www.cnblogs.com/keepmoving1113/p/11666866.html
