Online analysis tools such as VirusTotal are often used to upload suspicious files and analyze them. To detect obfuscation techniques, we first need to familiarize ourselves with them. Most Advanced Persistent Threats hide their activity in such a way that common analysis tools can't figure out what a file does before it is too late.
Our goal is to examine how online tools like VirusTotal perform their analysis and which techniques can be used to obfuscate malicious code inside an executable from them. We will try to create our own executable file, which will use various techniques to try to hide its purpose from analysis tools.
Examine how VirusTotal analyses uploaded files and develop a small executable, which can obfuscate its code and activity from the analysis tool.
To start this project you should have some knowledge of:
To complete this project, you will use the following tools and technologies: