Handling antivirus – make the trojan undetectable

00.JPG

the trojan created in the above example would run fine on windows xp and 7 if there are no uptodate antivirus on them. If there are any antivirus on the system they would detect the payload signature and warn the user. Windows 8 on the other hand comes with inbuilt anti malware protection (Windows defender) which would detect the trojan right away and would not allow the user to run the program.

So we need a way around this to make the trojan undetectable. A utility called PEScrambler can be used to encode the executable file such that antivirus/anti malware cannot detect it. Check it out at

https://code.google.com/p/pescrambler/

The download contains a single executable file and the usage is straightforward

C:\>PEScrambler.exe -i trojan.exe -o encoded.exe

Now the encoded.exe file is different from trojan.exe and is encoded such that antivirus may not be able to detect it.

At this point of time, most antivirus and antimalwares have become fully aware of the above techniques and it would be very difficult for the trojan to go undetected. Windows 8 inbuilt antimalware detects all such types of payloads generated from msfpayload and encoded with msfencode to whatever iteration level.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s