Any good open-source crypters?
by Mandala - Friday March 21, 2025 at 05:46 PM
#11
(Mar 25, 2025, 05:48 AM)Alcxtraze Wrote: this is only from personal experience especially against WD "xD"

WD for endpoint actually does work
#12
(Mar 25, 2025, 05:48 AM)Alcxtraze Wrote: this is only from personal experience especially against WD "xD"

Yes, WD's cloud sandbox is very picky about executables that are not signed; the same executable with no changes besides a valid cert has no issue. If you are more informed, please do share, I'm very open to changes.

(Mar 23, 2025, 04:26 PM)Mandala Wrote:
(Mar 23, 2025, 04:02 AM)vobka Wrote: Have you checked what creates the detection?

The stub’s memory allocation method (VirtualAlloc + RWX) is getting nuked.

(Mar 23, 2025, 04:02 AM)vobka Wrote: Comment out code until you are not getting detected and slowly start narrowing down the point. After this you can try to throw off the heuristics unless it's completely ruined by AV. Such as WD will flag for persistence when trying to run key to the binary from where the call is coming from.

Thinking of switching to indirect syscalls + RW -> RX remapping and wishing it works. To be honest, I did not want to write my own crypter, but maybe it will be easier than trying to modify existing crypters.

Interesting, I've always had a flag after execution, never from allocating, even with RWX.