
Packed Binary Triggers Other Malware Indicators

Open docsewell opened this issue 3 years ago • 0 comments

Virus Total

I used Step 5 to pack a binary for a CTF. It is a program that players have to debug to find the flag. The outputted binary flags a lot of strange behavior on VirusTotal.

I looked at the Python code myself for each of the steps, and I'm not sure how any of it could cause these triggers. The sandbox caught a connection to Microsoft's data center in Washington state, USA. (Do all programs built with Visual Studio get built-in telemetry by default???)

I'm having difficulty understanding why these triggers occurred. I'd like some feedback before I post this challenge to the CTF in October 2022.

It is possible that the file got infected some other way, but I kind of doubt it.

docsewell avatar Sep 11 '22 02:09 docsewell