With the continuous rise of malicious campaigns and the exploitation of new
attack vectors, it is necessary to assess the efficacy of the defensive
mechanisms used to detect them. To this end, the contribution of our work is
twofold. First, it introduces a new method for obfuscating malicious code to
bypass all static checks of multi-engine scanners, such as VirusTotal.
Interestingly, our approach to generating the malicious executables is not
based on introducing a new packer but on the augmentation of the capabilities
of an existing and widely used tool for packaging Python, PyInstaller but can
be used for all similar packaging tools. As we prove, the problem is deeper and
inherent in almost all antivirus engines and not PyInstaller specific. Second,
our work exposes significant issues of well-known sandboxes that allow malware
to evade their checks. As a result, we show that stealth and evasive malware
can be efficiently developed, bypassing with ease state of the art malware
detection tools without raising any alert.

By admin