
Detected By AV (Kaspersky, Avira)

Open uxeer opened this issue 6 years ago • 8 comments

uxeer avatar Jun 26 '19 14:06 uxeer

Static scan or during execution? Can you please also provide some details about which technique you used?

Ch0pin avatar Jun 26 '19 14:06 Ch0pin

Without scan or execution. I just copied payload.exe onto the target PC and Kaspersky detected it.

uxeer avatar Jun 26 '19 16:06 uxeer

What injection method did you use?

Ch0pin avatar Jun 26 '19 16:06 Ch0pin

Thread Hijacking (Shellcode Arch: x86, OS arch: x86)

uxeer avatar Jun 26 '19 17:06 uxeer

Thank you for your feedback. I'll check and get back to you.

Ch0pin avatar Jun 27 '19 03:06 Ch0pin

Checked your claim and it is true. I will issue a related update to solve the issue. Thanks again for the feedback.

Ch0pin avatar Jun 30 '19 10:06 Ch0pin

Thank you 😀

uxeer avatar Jun 30 '19 21:06 uxeer

It has been reported that the produced backdoor is no longer undetectable by the majority of AV solutions, which is indeed true and which is something I expected as the software gets more and more 'popular'. As a temporary solution I advise you to use a C# obfuscator on the produced executable. In my case, I used babel for net (http://www.babelfor.net/) with great success against the majority of AVs (including Kaspersky, Avast etc.).

Ch0pin avatar Oct 17 '19 05:10 Ch0pin