You'd still need a decoding stub which can be fingerprinted. An XOR "decoder" is... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

mschuster91 on March 20, 2016 | parent | context | favorite | on: Bypassing Antivirus with Ten Lines of Code

You'd still need a decoding stub which can be fingerprinted. An XOR "decoder" is far smaller in shellcode and can be custom written in asm to reduce time-to-first-signature.

chris_va on March 20, 2016 [–]

You could just pepper the b64 with jmp statements and randomly intersperse your decoder code.

Join us for AI Startup School this June 16-17 in San Francisco!
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact