Evading Antivirus Software Detection Using Python and PowerShell Obfuscation Framework

  • Umar Aditiawarman Universitas Nusaputra, Sukabumi, Indonesia
  • Alfian Dody Universitas Nusa Putra, Sukabumi, Indonesia
  • Teddy Mantoro Sampoerna University, Jakarta, Indonesia
  • Haris Al Qodri Maarif Universitas Nusa Putra, Sukabumi, Indonesia
  • Anggy Pradiftha Universitas Nusa Putra, Sukabumi, Indonesia
Keywords: Evasion, Metasploit, Malware, Obfuscation, PowerShell, Python

Abstract

Avoiding antivirus detection during penetration testing activities is tricky. The simplest, most effective, and most efficient way is to disguise the malicious code. However, the obfuscation process is also very complex and time-consuming if done manually. To solve this problem, many tools or frameworks on the internet can automate the obfuscation process, but how effective are these obfuscation tools at avoiding antivirus detection? This study aimed to provide an overview of the effectiveness of the obfuscation framework in avoiding antivirus detection. This study used an experimental design to test and determine the effectiveness of the payload obfuscation process. The first step was generating Python and PowerShell payloads, followed by the obfuscation process. The results showed that by using the right obfuscation method, malware could become completely undetectable. The automatic obfuscation process also did not deteriorate the malware's function: it was proven that the malware could run and open a connection on the server. These findings indicate that more Python obfuscator techniques are required to determine the effectiveness of the obfuscated payload on the target machines using both static and dynamic analysis.

Published
2023-07-14
How to Cite
Aditiawarman, U., Dody, A., Mantoro, T., Maarif, H., & Pradiftha, A. (2023). Evading Antivirus Software Detection Using Python and PowerShell Obfuscation Framework. MATRIK : Jurnal Manajemen, Teknik Informatika Dan Rekayasa Komputer, 22(3), 519-528. https://doi.org/10.30812/matrik.v22i3.3088
Section
Articles