Help: FUD virus


(W1zard1) #1

Hello people from 0x00 sec! I’m new here so if I haven’t categorized my question properly I apologize.

So my question was, how do people make FUD payloads in this day and age?
Obviously anti-virus’s and the like have figured out some of the old methods of encoding and so most don’t work anymore. I was told that creating a batch virus instead of an exe can bypass some restraints, but have yet to try it.

I didn’t write this up in a practical sense either, I’m just generally curious of how people make an FUD and any info would be appreciated ;p


#2

Welcome to 0x00sec! :slightly_smiling_face:

Knowing how to create undetectable payloads naturally requires you to understand how anti-virus software works so if you do not understand this then it’s pretty hard to know what to do. I’d highly recommend you do some reading on not only this but also on how the Windows operating system works at a relatively low level, i.e. knowing the WinAPI, memory, special objects such as the registry, file formats, disassembly and debugging, etc.

I have a repository on the GitLab that has some resources on how anti-virus works and past methods discovered used in an attempt to defeat detection so if you wish to see them, register an account at https://gitlab.s-3.tech/ and then head over here: https://gitlab.s-3.tech/93aef0ce4dd141ece6f5/Resource-Dump/tree/master/Antivirus. If there are any issues accessing the repo, just message me your username and I will add you as a guest.

Discussion on this would be incredibly extensive which is probably better on a live chat medium such as our IRC at irc.0x00sec.org:6697+ where @Leeky and I are always actively discussing malware :drooling_face:. If you just want to do it here then that is also fine.


#3

I agree with @dtm , you have to understand how antivirus work and try to find a way to bypass it.
also good knowledge of windows api well help , for example I was using virtualalloc() function in my code and after days it was detected , I change it to NTvirtualalloc() , and it worked fine (FUD)
.Some people doesn’t know how the antivirus work ,but still they create FUD , but maybe they tried 10000 time , In the end if you want to create a FUD : Understand how the antivirus works,there is a book called “antivirus hackers’s handbook” it will help you.


(Lucas) #4

@dtm I’m not able to access the quoted link above, :sob: (:no_entry_sign:404)

I’m downloading the book @fox, I’ve just read the index, looks good, thank you for the recommendation.


#5

Try searching for my repo “Resource-Dump”. If that doesn’t work, you’ll need to hit up an admin.


(Lucas) #6

OK, I’ve found the repo, think I need to be a guest, as you mentioned, so I can actually see its content. Thanks for the fast answer. :open_mouth:


(system) #7

This topic was automatically closed after 30 days. New replies are no longer allowed.