VirusTotal obfuscation

Online analysis tools such as VirusTotal are often used to upload suspicious files and analyze them. To detect obfuscation techniques, we usually need to familiarize ourselves with them first. Most Advanced Persistent Threats hide their activity in such a way that common analysis tools cannot determine what a file does before it is too late.

Our goal is to examine how online tools like VirusTotal perform their analysis and which techniques can be used to obfuscate malicious code inside an executable from them. We will create our own executable file, which will use various techniques to hide its purpose from analysis tools.

Goal

Examine how VirusTotal analyses uploaded files and develop a small executable, which can obfuscate its code and activity from the analysis tool.

Expected outcome

  • Documentation of the VirusTotal research
  • Implemented malicious executable on our GitLab server
  • 1 blog post about your findings
  • 1 project report documenting the research and implementation

Required skills

To start this project you should have some knowledge of:

  • C programming language
  • Python programming language
  • Possibly some knowledge of Assembly

Tools and technologies

To complete this project, you will use the following tools and technologies:

  • the IDE of your choosing to handle the implementation
  • git to manage your source code
  • GitLab to implement Continuous Integration (CI)

Interested?

Contact us
