Underground – Downfalls of Anti-Virus Software Part 2

In the second part of Overide’s Underground video, he explains how to encode an executable so that most anti-virus software does not detect it. Overide expands the NetCat executable to make room for a few extra lines of code that encode and decode the program. He encodes the executable by XORing (exclusive OR) each instruction with a specific value. Once encoded, NetCat’s assembly code no longer makes sense, so it is difficult for anti-virus software to identify the executable as a threat. Whenever the encoded NetCat program is executed, the instructions are first decoded with the same code that Overide used to encode the program. This works because XOR is its own inverse: XORing data with a specific value and then XORing the result with the same value returns the original data. After the instructions are decoded, NetCat runs normally.
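Because XOR with a fixed byte is its own inverse, an analyst who suspects a blob is an executable encoded this way can try every one-byte key and look for the plaintext a Windows executable almost always contains. The following is an added example written for this page, not code from the video; it assumes the encoded region includes the PE header and DOS stub, and the sample blob is constructed inline.

```python
"""Single-byte XOR key recovery for a suspected encoded executable.

Added example (not from the video). Tries all 256 one-byte keys against a
blob and scores each candidate plaintext on two markers present in nearly
every PE file: the 'MZ' signature and the DOS-stub message string.
Assumes the encoded region covers the PE header; the input is constructed.
"""
from typing import Optional

MZ = b"MZ"
DOS_STUB = b"This program cannot be run in DOS mode"


def xor_bytes(data: bytes, key: int) -> bytes:
    # XOR is its own inverse: applying the same key twice restores the input.
    return bytes(b ^ key for b in data)


def score_plaintext(candidate: bytes) -> int:
    # Higher score means the candidate looks more like a real PE image.
    score = 0
    if candidate.startswith(MZ):
        score += 10
    if DOS_STUB in candidate:
        score += 20
    return score


def recover_xor_key(blob: bytes) -> Optional[int]:
    # Brute-force the key space; a single byte key has only 256 candidates.
    best_key, best_score = None, 0
    for key in range(256):
        s = score_plaintext(xor_bytes(blob, key))
        if s > best_score:
            best_key, best_score = key, s
    return best_key  # None when no key yields recognisable PE markers


# Constructed sample: a fake PE header fragment encoded with key 0x5A.
_FAKE_PE = MZ + b"\x90\x00" * 30 + DOS_STUB + b".\r\r\n$"
SAMPLE_KEY = 0x5A
SAMPLE_BLOB = xor_bytes(_FAKE_PE, SAMPLE_KEY)

if __name__ == "__main__":
    k = recover_xor_key(SAMPLE_BLOB)
    print(f"recovered key: {k:#04x}" if k is not None else "no key found")
```

The same scoring idea extends to multi-byte keys by testing each key position against the known plaintext independently; a decoder stub that only covers part of the file leaves the untouched part fully readable.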
