Modify Stub / Private fud about pe-union HOT 7 CLOSED

On Jun 4, 2022, 7:35 AM, Martin Fischer < ***@***.***> wrote: ***@***.***[RyanSpeciale] I already assume that everyone who wants to modify another developers' project already knows how to program well enough. ***@***.***[bl4cklabel88] You need a service such as AntiScan.me, where you can scan with multiple AV without sending your test files to the vendors. That way, you can trial and error until you figure out what causes and what **evades** detection. Modifications are primarily relevant to the first stage. This code **only** checks for emulators and decrypts the second stage. This second stage contains particularly malicious code that performs all the RunPE / dropping and whatever. So, at scantime all this stuff is encrypted. The first stage, however, needs adjustments. Some things that could be flagged: * Structure, layout & executable format * Maybe AV has found the decryption routine? -> Change it * Lack of anything useful that the binary does - may seem malicious * I've already found that removing some of the emulator detection routines evades *some* AV. This might be a good place to start. Whatever pops into your mind, try it out and upload to AntiScan.me. It's a tedious task that requires a lot of patience, but you will eventually succeed as long as you don't publish your modifications. — Reply to this email directly, [view it on GitHub][], or [unsubscribe][]. You are receiving this because you were mentioned.![AWJIAYYOYJGSPHKDTHH2FJTVNM5QLA5CNFSM5X2HRM72YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOIRLZ2SI.gif][]Message ID: ***@***.***>