Static Analysis

Windows Defender

You can use DefenderCheck to split a binary into pieces and identify the parts that trigger a detection.

Another tool for this is Find-AVSignature (available as a gist):

. .\Find-AVSignature.ps1;Find-AVSignature -StartByte 0 -EndByte max -Interval 10000 -Path C:\Users\xct\payload.exe -OutPath C:\Users\xct\out -Verbose -Force