AnErrupTion/LoGiC.NET

AV Detections caused by obfuscation

Simon-Davies opened this issue · 2 comments

The obfuscation causes these AV detections:

image

Those are heuristic results, which means that they use "logic" to determine if a file looks suspicious or not (to make it simple). Unfortunately, we can't really avoid that; obfuscators will always generate false positives in one or more AVs, sadly.

I have removed both AV detections by commenting out one of the Protections :)

            Protection[] protections = new Protection[]
            {
                new Renamer(),
                new AntiTamper(),
                new JunkDefs(),
                new StringEncryption(),
                new AntiDe4dot(),
                new ControlFlow(),
                //new IntEncoding(),
                new ProxyAdder(),
                new InvalidMetadata()
            };