Any good open-source crypters?
by Mandala - Friday March 21, 2025 at 05:46 PM
#11
(Mar 25, 2025, 05:48 AM)Alcxtraze Wrote: this is only from personal experience especially against WD "xD"

WD for endpoint actually does work
Reply
#12
(Mar 25, 2025, 05:48 AM)Alcxtraze Wrote: this is only from personal experience especially against WD "xD"

Yes, WD's cloud sandbox is very picky about executables that are not signed; the same executable with no changes besides a valid cert has no issue. If you are more informed please do share, I'm very open to changes.

(Mar 23, 2025, 04:26 PM)Mandala Wrote:
(Mar 23, 2025, 04:02 AM)vobka Wrote: Have you checked what creates the detection?

The stub’s memory allocation method (VirtualAlloc + RWX) is getting nuked.

(Mar 23, 2025, 04:02 AM)vobka Wrote: Comment out code until you are not getting detected and slowly start narrowing down the point. After this you can try to throw off the heuristics unless its completely ruined by AV. Such as WD will flag for persistence when trying to run key to the binary from where the call is coming from.

Thinking of switching to indirect syscalls + RW -> RX remapping and wishing it works. To be honest, I did not want to write my own crypter, but maybe it will be easier than trying to modify existing crypters.

Interesting, I've always had a flag after execution, never from allocating, even with RWX.
Reply