Any good open-source crypters?
by Mandala - Friday March 21, 2025 at 05:46 PM
#11
(Mar 25, 2025, 05:48 AM)Alcxtraze Wrote: This is only from personal experience, especially against WD "xD"

WD for endpoint actually does work
#12
(Mar 25, 2025, 05:48 AM)Alcxtraze Wrote: This is only from personal experience, especially against WD "xD"

Yes, WD's cloud sandbox is very picky about executables that are not signed; the same executable with no changes besides a valid cert has no issue. If you are more informed, please do share, I'm very open to changes.

(Mar 23, 2025, 04:26 PM)Mandala Wrote:
(Mar 23, 2025, 04:02 AM)vobka Wrote: Have you checked what creates the detection?

The stub’s memory allocation method (VirtualAlloc + RWX) is getting nuked.

(Mar 23, 2025, 04:02 AM)vobka Wrote: Comment out code until you are not getting detected and slowly start narrowing down the point. After this you can try to throw off the heuristics, unless it's completely ruined by AV. For example, WD will flag for persistence when trying to set a run key to the binary from where the call is coming from.

Thinking of switching to indirect syscalls + RW -> RX remapping and hoping it works. To be honest, I did not want to write my own crypter, but maybe it will be easier than trying to modify existing crypters.

Interesting, I've always had a flag after execution, never from allocating, even with RWX.
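Both allocation patterns discussed in the exchange above (a VirtualAlloc with an RWX protection, and an RW allocation that is later remapped to RX before a thread starts in it) leave the same kind of footprint in an API-call trace, which is where behavioural detection that fires "after execution" rather than at allocation time comes from. The following detection logic is an added example written for this page, not code from any poster in the thread. The key=value trace format, the sample lines, the PIDs and addresses, and the rule names are all constructed for the illustration; the page protection constants are the standard Win32 values.

```python
"""Flag suspicious private-memory allocation patterns from a constructed API-call trace.

Rules implemented:
  rwx_alloc                    - VirtualAlloc requested a protection with both write and execute bits
  rw_to_rx_flip                - VirtualProtect turned a non-executable private region executable
  thread_in_alloc_exec_region  - a thread started inside a region that was allocated executable
  thread_in_flipped_region     - a thread started inside a region that was flipped RW -> RX
"""
import re

# Standard Win32 page protection constants (memoryapi.h).
PAGE_READONLY = 0x02
PAGE_READWRITE = 0x04
PAGE_EXECUTE_READ = 0x20
PAGE_EXECUTE_READWRITE = 0x40
EXEC_PROTECTIONS = {0x10, 0x20, 0x40, 0x80}   # PAGE_EXECUTE, _READ, _READWRITE, _WRITECOPY
WRITE_PROTECTIONS = {0x04, 0x08, 0x40, 0x80}  # PAGE_READWRITE, _WRITECOPY, PAGE_EXECUTE_READWRITE, _WRITECOPY

# Constructed trace: three processes, one per pattern plus a benign control case.
SAMPLE_TRACE = """\
pid=4120 api=VirtualAlloc size=0x1000 protect=0x40 ret=0x1f0000
pid=4120 api=CreateThread start=0x1f0000
pid=5208 api=VirtualAlloc size=0x2000 protect=0x04 ret=0x2a0000
pid=5208 api=WriteProcessMemory addr=0x2a0000 size=0x1f0
pid=5208 api=VirtualProtect addr=0x2a0000 size=0x2000 new=0x20
pid=5208 api=CreateThread start=0x2a0100
pid=6001 api=VirtualAlloc size=0x1000 protect=0x04 ret=0x3b0000
pid=6001 api=VirtualProtect addr=0x3b0000 size=0x1000 new=0x02
pid=6001 api=CreateThread start=0x7ff600001000
"""

LINE_RE = re.compile(r"(\w+)=(\S+)")


def is_exec(protect):
    return protect in EXEC_PROTECTIONS


def is_write(protect):
    return protect in WRITE_PROTECTIONS


def parse_line(line):
    """Parse one key=value trace line; numeric fields (decimal or 0x-hex) become ints."""
    event = {}
    for key, val in LINE_RE.findall(line):
        try:
            event[key] = int(val, 0)
        except ValueError:
            event[key] = val
    return event


def _find_region(regions, addr):
    """Return the tracked region containing addr, or None."""
    for base, region in regions.items():
        if base <= addr < base + region["size"]:
            return region
    return None


def analyze(trace):
    """Walk the trace and return a list of (pid, rule) alerts in the order they fire."""
    alerts = []
    regions = {}  # pid -> {base -> region dict}
    for line in trace.splitlines():
        ev = parse_line(line)
        if "pid" not in ev or "api" not in ev:
            continue
        pid, api = ev["pid"], ev["api"]
        per_pid = regions.setdefault(pid, {})

        if api == "VirtualAlloc":
            prot = ev["protect"]
            per_pid[ev["ret"]] = {"size": ev["size"], "protect": prot, "flipped": False}
            if is_exec(prot) and is_write(prot):
                alerts.append((pid, "rwx_alloc"))

        elif api == "VirtualProtect":
            region = _find_region(per_pid, ev["addr"])
            if region is not None:
                new = ev["new"]
                # Only a non-exec -> exec transition is interesting; RX -> RW or RW -> RO is not.
                if is_exec(new) and not is_exec(region["protect"]):
                    region["flipped"] = True
                    alerts.append((pid, "rw_to_rx_flip"))
                region["protect"] = new

        elif api in ("CreateThread", "CreateRemoteThread"):
            region = _find_region(per_pid, ev["start"])
            if region is not None and is_exec(region["protect"]):
                rule = "thread_in_flipped_region" if region["flipped"] else "thread_in_alloc_exec_region"
                alerts.append((pid, rule))
    return alerts


if __name__ == "__main__":
    for pid, rule in analyze(SAMPLE_TRACE):
        print(f"pid={pid} rule={rule}")
```

The control process (pid 6001) allocates RW, downgrades to read-only and starts a thread at an image address, so it produces nothing; the other two trip one rule at the memory operation and a second when a thread starts in the region. Real sandboxes and EDRs look at more than this (the caller's stack, whether the start address is backed by a signed image, the process's own signature), which is consistent with the posters' observation that the flag tends to arrive at execution rather than at the allocation itself.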