Underground – Downfalls of Anti-Virus Software Part 2

November 7th, 2008 by Patchy
In the second part of Overide’s Underground Video, he explains how to encode an executable so that it is not detected by most Anti-Virus Software. Overide expands the NetCat executable so that he can add a few extra lines of code that encode and decode the program. He encodes the executable by XORing (Exclusive OR) each instruction with a specific value. Once encoded, NetCat’s Assembly code no longer makes any sense, so it is difficult for Anti-Virus Software to identify the executable as a threat. Whenever the encoded NetCat program is executed, the instructions are first decoded with the exact same code that Overide used to encode the program. This is possible because when you XOR data with a specific value, you can retrieve the original data by XORing the encoded data with the same value. After the instructions are decoded, NetCat runs normally.

Full Scale Video Here
Download Here

NetCat
LordPE
OllyDbg
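
An added example, not from the original post or the video: when every byte is XORed with the same value, the XOR of two neighbouring bytes is unchanged by the encoding, so a scanner can still match a byte signature without knowing the key. The sketch assumes a one-byte key; the signature bytes, key and buffer are constructed for illustration.

```python
"""Key-independent matching of a byte signature hidden by single-byte XOR."""


def xor_bytes(data: bytes, key: int) -> bytes:
    """XOR every byte with the same one-byte key (encoding and decoding are identical)."""
    return bytes(b ^ key for b in data)


def adjacent_xor(data: bytes) -> bytes:
    """XOR each byte with its successor; (a^k)^(b^k) == a^b, so the key cancels out."""
    return bytes(a ^ b for a, b in zip(data, data[1:]))


def xray_find(blob: bytes, signature: bytes) -> list[tuple[int, int]]:
    """Return (offset, key) for every place `signature` occurs in `blob`
    under some single-byte XOR key (key 0 means it is present unencoded)."""
    if len(signature) < 2:
        raise ValueError("signature must be at least 2 bytes")
    sig_delta = adjacent_xor(signature)
    blob_delta = adjacent_xor(blob)
    hits = []
    pos = blob_delta.find(sig_delta)
    while pos != -1:
        # The first byte of the match reveals the key that was applied.
        hits.append((pos, blob[pos] ^ signature[0]))
        pos = blob_delta.find(sig_delta, pos + 1)
    return hits


# Constructed sample data (not taken from NetCat or any real detection database).
SIGNATURE = b"EXAMPLE-SIGNATURE-BYTES"
KEY = 0x5A  # assumed one-byte key, chosen for this example
ENCODED_BLOB = b"\x90" * 16 + xor_bytes(SIGNATURE, KEY) + b"\x00" * 8

if __name__ == "__main__":
    print("plain match:", SIGNATURE in ENCODED_BLOB)
    for offset, key in xray_find(ENCODED_BLOB, SIGNATURE):
        print(f"signature at offset {offset}, XOR key 0x{key:02x}")
        recovered = xor_bytes(ENCODED_BLOB[offset:offset + len(SIGNATURE)], key)
        print("decoded:", recovered)
```

A plain substring search misses the encoded signature, while the adjacent-XOR comparison finds it in one pass and recovers the key as a by-product.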

If you would like to submit a video to Infinity Exists Underground, send an email describing your video to underground@infinityexists.com


2 Responses

  1. excid3 Says:

    Once again, overide keepin it real

  2. CrashOverron Says:

    lmao pretty clever =P
