Antivirus Challenge: Wrapping The Threat - Gasskeun Antivirus Challenge: Wrapping The Threat | Gasskeun

Antivirus Challenge: Wrapping The Threat


 I want to check the antivirus detection by modifying the malware file Antivirus Challenge: Wrapping the Threat
Source:pixabay.com
I want to check the antivirus detection by modifying the malware file. In this case, I will wrap the file using internal Windows aktivitas called IExpress.

Now we will upload the original malware file to VirusTotal. We will reanalyze the scan to make sure get the latest result.

Original file before modifying the file: https://www.virustotal.com/#/file/0cd7440ca94d31212e21867439f38f0828823b76c94d566e81f5dfaf71574ebc/detection

Almost all antivirus detects the malware file except:
Alibaba, Avast Mobile Security, Babable, Bkav, CMC, eGambit, Kingsoft, SUPERAntiSpyware, TheHacker, Trustlook, Zoner, Symantec Mobile Insight
Well, pay attention to these antivirus brands because they cannot detect old ransomware file.

Then we will wrap the malware file using IExpress. Now malware is wrapped into a new file. If we execute the file than the malware will run as usual.

Let's check the detection rates. We will upload to VirusTotal again. Now the result is quite surprising.

Many antivirus dont detect the sample file:
Ad-Aware, AhnLab-V3, Alibaba, ALYac, Arcabit, Avast Mobile Security, Babable, BitDefender, Bkav, CMC, Cybereason, eGambit, Emsisoft, Endgame, GData, Kingsoft, MAX, Palo Alto Networks, Panda, Qihoo-360, SentinelOne, Sophos AV, SUPERAntiSpyware, TACHYON, Tencent, TheHacker, Trustlook, VBA32, ViRobot, Webroot, Zillya, Zoner, Symantec Mobile Insight
Wrapped file after modying the file:
https://www.virustotal.com/#/file/d3bddd0d2e1d7450968ddee3d73e4bfb909e1558dded4224b6deb127d7d1772d/detection

As you can see, many famous Antivirus brands got the beat down by this simple test.

So, according this testing, you should concern if your antivirus is listed above and please get a new one.

Video demo:

Related Posts