Malware
armadillo-cld, 2020-07-27 20:09:18

Is there PE file data that doesn't change?

Hello.
I want to write something like an antivirus for one virus, but I can't figure out how to detect it. The thing is that any data can be specified in the virus: the path where it will be saved, etc. I'm going to run through the processes and compare with some PE information, but raw data etc. is not suitable, because it changes after UPX or any other protector. What data can be used to accurately determine that this is the file?


1 answer(s)
SKEPTIC, 2020-07-27
@armadillo-cld

No way. If everything were so simple, then the virus industry would not have earned so much. And the antivirus industry.
Now antiviruses apply complex measures. For example, monitoring traffic, tracking strange calls to the operating system API, analyzing the operation of the program code, etc.
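
The question's observation that raw PE data stops matching after UPX or another protector, shown as an added example that is not part of the original thread: it parses the section tables of two constructed, minimal PE images and compares section names, sizes, hashes and entropy. zlib stands in for a packer's compression (it is not real UPX), and `build_pe`, `section_features` and `compare` are hypothetical helpers written for this illustration.

```python
import hashlib, math, struct, zlib
from collections import Counter

def build_pe(sections):
    """Constructed minimal PE image (headers + raw section data), for the demo only."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)            # e_lfanew at 0x3C -> 64
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x102)
    data_off = 64 + 4 + 20 + 40 * len(sections)                  # no optional header
    table, body = b"", b""
    for name, data in sections:
        table += struct.pack("<8sIIIIIIHHI", name, len(data), 0x1000, len(data),
                             data_off + len(body), 0, 0, 0, 0, 0x60000020)
        body += data
    return dos + b"PE\0\0" + coff + table + body

def entropy(data):
    """Shannon entropy in bits per byte."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def section_features(image):
    """Return {section name: (raw size, sha256 of raw data, entropy)}."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ header")
    pe = struct.unpack_from("<I", image, 0x3C)[0]
    if image[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    count, = struct.unpack_from("<H", image, pe + 6)      # NumberOfSections
    opt_size, = struct.unpack_from("<H", image, pe + 20)  # SizeOfOptionalHeader
    feats = {}
    for i in range(count):
        off = pe + 24 + opt_size + 40 * i
        name, _, _, size, ptr = struct.unpack_from("<8sIIII", image, off)
        raw = image[ptr:ptr + size]
        feats[name.rstrip(b"\0").decode()] = (size, hashlib.sha256(raw).hexdigest(), entropy(raw))
    return feats

# Constructed sample "code"; zlib is an assumed stand-in for the packer's compression.
CODE = b"".join(b"call sub_%04d; " % i for i in range(300))
original = build_pe([(b".text", CODE)])
packed = build_pe([(b"UPX0", b""), (b"UPX1", zlib.compress(CODE))])

def compare():
    a, b = section_features(original), section_features(packed)
    shared = {v[1] for v in a.values()} & {v[1] for v in b.values()}
    restored = zlib.decompress(packed[-b["UPX1"][0]:]) == CODE  # UPX1 is the last section
    return sorted(a), sorted(b), shared, a[".text"][2], b["UPX1"][2], restored

if __name__ == "__main__":
    print(compare())
```

No section name, size or hash survives the repacking and the entropy rises, while the original bytes reappear only once the packed section is decompressed.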
