Do not judge too strictly, I do not know how to write ...
I once had to write a cryptor. In general, nothing special. The only catch is that, because antiviruses use virtualization, they crack these in no time, simply running the code in a sandbox and analyzing it there. After racking my brain for a couple of hours, I found a way out (trade secret)). The main thing is not to let the sandbox decrypt the file ... Plus, there are various extras that in theory should hinder debugging and so on (although in reality they have not worked for a long time, or do not work everywhere).
By the way, encrypting the same file always produces a different result, i.e. the code of the encrypted file is always different: there is a difference in the header (so as not to give signature verification a chance) and in the body itself (the entire encrypted code is completely different with each encryption).
True, not all programs can be encrypted with my tool yet; on some it fails (a flaw for now, it is still raw).
The only problem during the tests turned out to be misunderstandings with Symantec and Avast, which consider the file encrypted. Well, that is true) but here is the trouble: this pair reacts just as nervously to a clean file! And the clean file has unremarkable entropy: even the image inside the resources is not compressed, just a BMP. On what grounds they consider the files harmful, I did not understand.
Video with a demonstration of work:
A big hello to ESET, McAfee and Kaspersky (not in the video) - none of them detected such a legend as Brontok) - VirusTotal.
The conclusion is generally sad: some react to the wrong things, while others do not react to the things they should ...
PS I had an interview, or more precisely, a preliminary e-mail exchange with HR at DrWeb: they said that they do not hire those who have helped write viruses. So it goes) As Kris Kaspersky used to say, to be able to protect a system, you must first learn how to break it.