
Showing posts from May, 2017

Malware and Successful AV Evasion Tactics

The ideology behind malware, and even its entire methodology, has morphed over the last year or so. This piece was written to offer some clarity on the idea of “AV evasion”, since there seems to be little in-depth working knowledge of the various techniques actually in use. Time for a quick lesson to give more definition to this increasingly popular kind of malicious scripting. Below is a list of some of the antivirus evasion tactics that malware currently uses successfully.

Hash modification. One way AVs are able to detect whether a file is (or contains) known malware is by calculating the file's hash and comparing it against a list of known-bad hashes. Malware avoids this detection by changing a single bit in the binary, which changes the hash and so lets the file evade any hash-based detection.

Specific malware signatures. Some signatures are designed to catch a specific exploit, or match on specific behaviors. By reversing the signature alone, it is possible to modify the malware so that no matching patterns remain in it. Just one exam