This repository has been archived by the owner on Nov 24, 2023. It is now read-only.

AV Detections caused by obfuscation #8

Closed
Simon-Davies opened this issue Aug 19, 2021 · 2 comments

Simon-Davies commented Aug 19, 2021

The obfuscation causes these AV detections:

image

@Simon-Davies Simon-Davies changed the title Detected caused by obfuscation AV Detections caused by obfuscation Aug 19, 2021
@AnErrupTion
Owner

Those are heuristic results, which means that they use "logic" to determine if a file looks suspicious or not (to make it simple). Unfortunately, we can't really avoid that; obfuscators will always generate false positives in one or more AVs, sadly.

@Simon-Davies
Author

Simon-Davies commented Aug 21, 2021

I have removed both AV detections by commenting out one of the Protections :)

            Protection[] protections = new Protection[]
            {
                new Renamer(),
                new AntiTamper(),
                new JunkDefs(),
                new StringEncryption(),
                new AntiDe4dot(),
                new ControlFlow(),
                //new IntEncoding(),
                new ProxyAdder(),
                new InvalidMetadata()
            };
