Author Topic: What is the reaction of resident shield of AV for obfuscated file?  (Read 1456 times)

0 Members and 1 Guest are viewing this topic.

REDACTED

  • Guest
Hi. So, if I have malicious file in my computer, scanning of file system (or something like that) tagged that file as a danger. If I obfuscated this malicious file (e.g. with NOP instructions or adding JMP instructions), then scanning of file system not tag that it is a dangerous file. But if after run this file is into memory, what is reaction resident shield of antivirus on this file? Obfuscated file is running in memory, is it tagged by resident shield or what? Excuse my english. Can somebody help me? PLEASE

Offline mchain

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 5556
  • Spartan Warrior
Re: What is the reaction of resident shield of AV for obfuscated file?
« Reply #1 on: June 24, 2014, 07:45:41 AM »
Two safe(r) ways to go about this:
  • Upload your file to Virus Total [dot] com and scan
  • Run your file in a VM (Virtual Machine) and see what happens
Common technique for malware writers to see if their malware is detected or not.  Is this what you're trying to find out?  Second option would allow your file to run as is.
Windows 10 Home 64-bit 22H2 Avast Premier Security version 24.1.6099 (build 24.1.88821.762)  UI version 1.0.797
 UI version 1.0.788.  Windows 11 Home 23H2 - Windows 11 Pro 23H2 Avast Premier Security version 24.1.6099 (build 24.1.88821.762) UI version 1.0.797

REDACTED

  • Guest
Re: What is the reaction of resident shield of AV for obfuscated file?
« Reply #2 on: June 24, 2014, 06:34:59 PM »
Thank for response. But, I need answer for that question- What is the reaction of resident shield on obfuscated file? If the file system scanning donĀ“t tag obfuscated file, what is doing when I run this file, it will be tag as malicious by resident shield or not? Thanks.