Thursday, 25 October 2018

Antivirus Challenge: Wrapping the Threat

Virus Detection Test: Wrapping the Threat
I want to check the antivirus detection by modifying the malware file. In this case, I will wrap the file using internal Windows program called IExpress.

Now we will upload the original malware file to VirusTotal. We will reanalyze the scan to make sure get the latest result.

Original file before modifying the file:

Almost all antivirus detects the malware file except:
Alibaba, Avast Mobile Security, Babable, Bkav, CMC, eGambit, Kingsoft, SUPERAntiSpyware, TheHacker, Trustlook, Zoner, Symantec Mobile Insight
Well, pay attention to these antivirus brands because they cannot detect old ransomware file.

Then we will wrap the malware file using IExpress. Now malware is wrapped into a new file. If we execute the file than the malware will run as usual.

Let's check the detection rates. We will upload to VirusTotal again. Now the result is quite surprising.

Many antivirus dont detect the sample file:
Ad-Aware, AhnLab-V3, Alibaba, ALYac, Arcabit, Avast Mobile Security, Babable, BitDefender, Bkav, CMC, Cybereason, eGambit, Emsisoft, Endgame, GData, Kingsoft, MAX, Palo Alto Networks, Panda, Qihoo-360, SentinelOne, Sophos AV, SUPERAntiSpyware, TACHYON, Tencent, TheHacker, Trustlook, VBA32, ViRobot, Webroot, Zillya, Zoner, Symantec Mobile Insight
Wrapped file after modying the file:

As you can see, many famous Antivirus brands got the beat down by this simple test.

So, according this testing, you should concern if your antivirus is listed above and please get a new one.

Video demo:

No comments:

Post a comment