Obfuscation: Another Cyber-crime Contrivance to Bypass Antivirus Software

The most common obfuscation techniques employed to evade antivirus software are packers, which compress or ‘pack’ a malware program; crypters, which encrypt a malware program; and other mutators, which change the overall number of bytes in the program.

A researcher stumbled upon a PowerShell obfuscation technique distributed as a ZIP file containing a PDF document and a VBS script. The VB script was later found to use Base64 encoding to obfuscate its first layer. The PowerShell script then downloads a file from “hxxps://ravigel[dot]com/1cr[dot]dat”.

The file 1cr.dat was found to use a string-encryption method called SecureString, which is built into C# and is used to encrypt sensitive strings.

The script then runs a series of instructions designed to defeat automated sandbox analysis, downloads another PE file, “top.tab”, using the existing script, and injects the final payload into the target’s machine.
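As an added illustration of the layered chain described above (not code from the original post or from the researcher’s analysis), the Python helper below peels nested Base64 layers, including the UTF-16LE form that PowerShell’s -EncodedCommand expects, and reports which of the behaviours named in the article appear in any layer. The sample it decodes is constructed; only the defanged URL is taken from the article, and the indicator keywords are assumptions about what an analyst would flag.

```python
import base64
import binascii
import re

# Keywords to flag in a decoded layer, each tied to a behaviour described above:
# the PowerShell launcher, the download, SecureString encryption, Base64 unwrapping.
INDICATORS = ("powershell", "-encodedcommand", "downloadfile", "securestring", "frombase64string")
B64_RUN = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")  # long enough to be an embedded stage


def _looks_like_text(s: str) -> bool:
    # ASCII only: rejects binary blobs and UTF-16 that happened to decode as UTF-8
    return bool(s) and all(c.isascii() and (c.isprintable() or c in "\r\n\t") for c in s)


def decode_layers(text: str, max_depth: int = 5):
    """Peel nested Base64 layers; returns [(depth, encoding, decoded_text), ...]."""
    layers, frontier = [], [(0, text)]
    while frontier:
        depth, blob = frontier.pop()
        for match in B64_RUN.finditer(blob):
            try:
                raw = base64.b64decode(match.group(0), validate=True)
            except binascii.Error:
                continue
            # PowerShell -EncodedCommand payloads are UTF-16LE, so try both encodings
            for enc in ("utf-8", "utf-16-le"):
                try:
                    decoded = raw.decode(enc)
                except UnicodeDecodeError:
                    continue
                if _looks_like_text(decoded):
                    layers.append((depth + 1, enc, decoded))
                    if depth + 1 < max_depth:  # bound recursion so a crafted sample cannot loop forever
                        frontier.append((depth + 1, decoded))
                    break
    return layers


def triage(sample: str) -> dict:
    """Summarise the chain: layer count, indicators hit anywhere, innermost text."""
    layers = decode_layers(sample)
    texts = [sample] + [t for _, _, t in layers]
    hits = sorted({k for t in texts for k in INDICATORS if k in t.lower()})
    return {"layers": len(layers), "indicators": hits, "final_layer": texts[-1]}


# Constructed sample (not the real 1cr.dat chain): a VBS first layer holding a
# Base64 PowerShell launcher whose -EncodedCommand is a UTF-16LE second stage
# that names the article's defanged URL and the behaviours worth flagging.
_STAGE2 = '$u = "hxxps://ravigel[dot]com/1cr[dot]dat"  # stand-in: DownloadFile then ConvertTo-SecureString'
_STAGE1 = "powershell -EncodedCommand " + base64.b64encode(_STAGE2.encode("utf-16-le")).decode()
SAMPLE_VBS = 'Dim s: s = "' + base64.b64encode(_STAGE1.encode()).decode() + '"'
```

Running `triage(SAMPLE_VBS)` reports two decoded layers and the indicators found across them, which is the view an analyst wants before deciding whether to block the URL and hunt for the downloaded stage.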

Security must be kept tight, and the best available methods should be employed to limit the repercussions of such an attack. Complete DDoS protection, high availability, a 99.999% SLA and advanced security solutions must be top priorities for organizations that cannot tolerate interruption.

If malware was uploaded to a server that was already infected, the communication between the attacker and the backdoor could be blocked, which would alert the administrator and ultimately help remove the malware.

Web application firewalls, backdoor shell protection, and other solutions must be put in place to close off any future vulnerability and to contain any further attack.
