Evading antivirus?

Talk about any languages right here. Share and discuss source, but don't expect your homework to be done for you.
Post Reply
Hatemind
n00b
Posts: 5
Joined: Fri May 30, 2014 1:14 pm

Evading antivirus?

Post by Hatemind » Sat Jun 07, 2014 1:51 am

I'm currently making a program that needs to bypass antivirus. My current steps are killing mbam.exe (and programs that come with windows that would allow someone to disable the program) every five seconds (tool is in python but compiled to an exe; anyone with a more eficient way then sending taskkill /f mbam.exe to the shell is urged to help), and a pause after writing to the startup folder (I did it this way because I don't know of any botkillers that clear said folder, and I thought it to not exist anymore because it wasn't visible as it was previously. Some users may have forgotten it exists) which should help with behaviour analysis while writing itself before users can close it in task manager.

Adding junk code (variables) throughout the code with somewhat long strings, and compiling several exe's with different strings there is an idea I had. I could then distribute random exe's when they are downloaded from a site I control. A thought I had about this was that I could compare two files that I have done this with and create a script to automatically change that junk code to something random, that way when introducing updates to said software each version is unique; the problem being that other areas remain the same and may be a good signature if this is possible.

What other steps would you reccomend? I'd like to leave the computers running this in a working state.

EDIT: I will not have a windows machine or VM until moday I think, I need a new HDD and a new charger for the windows laptop I have.

User avatar
ScHacker23
Apprentice
Posts: 42
Joined: Sun Apr 07, 2013 12:37 am

Re: Evading antivirus?

Post by ScHacker23 » Fri Jun 27, 2014 7:40 am

This forum is for hacking not cracking. I think you need a revision of the terms.

There are two different things, "hacking" and "cracking". And you're discussing your malicious (cracking) stuff in a sub-forum which is titled Programming. I don't mean to flame and insult you here, I'm just giving my views, thats all (no hard feelings, right :P) Sorry for all this, (feel free to criticize me :cool: ), but I really hate it when people discuss Cracking in fields where is says in bold "PROGRAMMING" (not even 'hacking', lol!). Anyways here's what I'm sayin' -:

From Wikipedia:
A hacker is one who enjoys the intellectual challenge of creatively overcoming and circumventing limitations of programming systems and who tries to extend their capabilities The act of engaging in activities (such as programming or other media) in a spirit of playfulness and exploration is termed hacking. However the defining characteristic of a hacker is not the activities performed themselves (e.g. programming), but the manner in which it is done: Hacking entails some form of excellence, for example exploring the limits of what is possible, thereby doing something exciting and meaningful.
From CatB.org (home of the Jargon-File, by Eric S Raymond, editor of the Jargon file):
There is a community, a shared culture, of expert programmers and networking wizards that traces its history back through decades to the first time-sharing minicomputers and the earliest ARPAnet experiments. The members of this culture originated the term ‘hacker’. Hackers built the Internet. Hackers made the Unix operating system what it is today. Hackers make the World Wide Web work. If you are part of this culture, if you have contributed to it and other people in it know who you are and call you a hacker, you're a hacker.
Here's what I've know (and I've heard) about cracking and doing malicious stuff.

From the Jargon File:
One who breaks security on a system. Coined ca. 1985 by hackers in defense against journalistic misuse of hacker (q.v., sense 8). An earlier attempt to establish worm in this sense around 1981--82 on Usenet was largely a failure.

Use of both these neologisms reflects a strong revulsion against the theft and vandalism perpetrated by cracking rings. The neologism “cracker” in this sense may have been influenced not so much by the term “safe-cracker” as by the non-jargon term “cracker”, which in Middle English meant an obnoxious person (e.g., “What cracker is this same that deafs our ears / With this abundance of superfluous breath?” — Shakespeare's King John, Act II, Scene I) and in modern colloquial American English survives as a barely gentler synonym for “white trash”.

While it is expected that any real hacker will have done some playful cracking and knows many of the basic techniques, anyone past larval stage is expected to have outgrown the desire to do so except for immediate, benign, practical reasons (for example, if it's necessary to get around some security in order to get some work done).

Thus, there is far less overlap between hackerdom and crackerdom than the mundane reader misled by sensationalistic journalism might expect. Crackers tend to gather in small, tight-knit, very secretive groups that have little overlap with the huge, open poly-culture this lexicon describes; though crackers often like to describe themselves as hackers, most true hackers consider them a separate and lower form of life. An easy way for outsiders to spot the difference is that crackers use grandiose screen names that conceal their identities. Hackers never do this; they only rarely use noms de guerre at all, and when they do it is for display rather than concealment.

Ethical considerations aside, hackers figure that anyone who can't imagine a more interesting way to play with their computers than breaking into someone else's has to be pretty losing. Some other reasons crackers are looked down on are discussed in the entries on cracking and phreaking. See also samurai, dark-side hacker, and hacker ethic. For a portrait of the typical teenage cracker, see warez d00dz.
A little history of warez d00dz and crackerz from the Jargon-File:
From the early 1980s onward, a flourishing culture of local, MS-DOS-based bulletin boards developed separately from Internet hackerdom. The BBS culture has, as its seamy underside, a stratum of ‘pirate boards’ inhabited by crackers, phone phreaks, and warez d00dz. These people (mostly teenagers running IBM-PC clones from their bedrooms) have developed their own characteristic jargon, heavily influenced by skateboard lingo and underground-rock slang. While BBS technology essentially died out after the Great Internet Explosion, the cracker culture moved to IRC and other Internet-based network channels and maintained a semi-underground existence.

Though crackers often call themselves ‘hackers’, they aren't (they typically have neither significant programming ability, nor Internet expertise, nor experience with UNIX or other true multi-user systems). Their vocabulary has little overlap with hackerdom's, and hackers regard them with varying degrees of contempt. But ten years on the brightest crackers tend to become hackers, and sometimes to recall their origins by using cracker slang in a marked and heavily ironic way.
The mass media of today uses the words interchangeably and its been used like this too much that people think if you can break into a system then you're hacker but you're not. Real hackers are the ones who have an expertise in programming, they're fascinated by problems and feel delight in solving them. The 'Hacker' term is misused to that extend that now people call everyone who can break a system a hacker. Breaking-In to a system does not make you a hacker as being able to hotwire cars makes you an automotive engineer.

Here are some links that I referred to here:
http://www.catb.org/jargon/html/
http://www.catb.org/esr/faqs/hacker-howto.html

http://www.catb.org/jargon/html/C/cracker.html
http://www.catb.org/jargon/html/crackers.html
http://www.catb.org/jargon/html/W/warez-d00dz.html

Look, I'm not insulting you here but if you wanna ask about cracking (which is your 'hacking' :wink: ) then I don't think its fair to ask in a sub-forum titled Programming on a Hacking Forums site.

Thanks.
You may stop this individual, but you can't stop us all... after all, we're all alike.

User avatar
Cool_Fire
Not a sandwich
Posts: 1912
Joined: Fri May 09, 2003 1:20 pm
Location: 41 6d 73 74 65 72 64 61 6d
Contact:

Re: Evading antivirus?

Post by Cool_Fire » Fri Jun 27, 2014 10:46 am

I'd say read up on polymorphism.
If we're breaking the rules, then how come you can't catch us? You can't find us? I know why. Cause, it's ... MAGIC!
Hackerthreads chat, where the party is going 24/7.

Post Reply