1. Introduction
In the present day, the internet is accessible to people of all ages and backgrounds, who use it for communication, entertainment, and information. Attackers have the same access, however, and use malicious software to compromise users' privacy and important files.
To protect against such attacks, users often install antivirus software, which aims to reduce the risk of infecting the device. Downloading files from unknown sources, even installers of well-known programs such as web browsers, can lead to infection, so it is essential to download content only from trusted and verified sources. If a suspicious file is downloaded, the antivirus software typically displays a warning and moves the infected file to quarantine, where it can be cleaned or deleted. Users must be able to trust their antivirus software, which in turn requires regular updates of both the signature database and the tool itself.
Attackers use various bypassing and evasion techniques to gain access to devices. Antivirus developers continuously devise new security tactics and update signature databases to counter emerging threats. However, the growing number of new malware samples means that current protection technologies may not always be sufficient [1].
This article discusses popular bypassing techniques and tools that should be detectable by most antivirus programs, but it also shows that complex attack chains combining several evasion techniques can bypass modern, commonly used antiviruses. The paper is structured into nine sections: introduction, related work, security mechanisms, evasion techniques, testing environment, results of research on bypassing antiviruses, discussion, conclusions, and further research directions.
2. Related Work
The issue of circumventing antivirus security measures starts with understanding the behavior of malware samples [2]. Thorough malware analysis is crucial for improving antivirus engines and, ultimately, user security and privacy. Techniques to bypass antivirus security measures have been developed since the inception of antivirus software, and the perpetual competition between attackers and antivirus developers produces ever more advanced attacks.
In 2018, Kalogranis [3] tested four tools used to bypass antivirus software, namely AVET, peCloak.py, Shellter, and Veil-Evasion. Kalogranis' results showed that AVET and Veil-Evasion bypassed 60% of the tested antivirus products, while peCloak.py and Shellter bypassed 40%.
In a subsequent paper [4], the authors extended Kalogranis' work by comparing the effectiveness of antivirus bypass tools on the Windows operating system. They repeated the tests on the tools used by Kalogranis, added a new bypass tool, TheFatRat, and used a payload generated with Metasploit. Veil-Evasion and Shellter failed to bypass any product; TheFatRat bypassed one, peCloak.py four, and AVET five of the six antivirus programs used.
Panagopoulos [5] studied antivirus bypass using the malware generation tools TheFatRat, Phantom-Evasion, Hercules, and Veil-Evasion. Phantom-Evasion was the most effective tool, at around 65%, followed by Hercules at around 47%, TheFatRat at 22%, and Veil-Evasion, the least effective, at around 10%.
Another work [6] focused on Bitdefender, selected as one of the best antivirus solutions, and the authors performed all tests only on that product. The generated malware was a Remote Access Trojan (RAT), served to the victim machine from an Apache server. Nine different antivirus bypass tools were tested, and the authors considered not only whether the RAT was detected by the antivirus but also whether the antivirus blocked the Meterpreter session that the RAT opened. The effectiveness of each tool was reported as the percentage of its methods that succeeded.
The use of malware and other malicious software is a persistent threat to computer systems, and antivirus software has therefore become an essential protection against these threats. However, as antivirus software becomes more advanced, so do the techniques used to bypass it. Above, we reviewed research on the state of antivirus security; there is also current research on specific anti-antivirus techniques.
In [7,8], the authors presented obfuscation, a technique that modifies the code of a piece of malware to make it harder to detect. The modifications may include renaming variables, adding extraneous code, and using encryption to hide the true function of the code. Researchers have developed various tools for detecting obfuscated code, but their effectiveness depends on the level of obfuscation used.
In [9], the researchers presented trends in antivirus evasion techniques, while [10] presented new findings on fileless malware, a type of malware that does not rely on a file on disk to infect a system but instead resides in the system's memory, making it more difficult to detect. This technique has become more popular in recent years as antivirus software has become better at detecting traditional file-based malware.
In [11,12], the authors focused on polymorphic malware, which changes its code on the fly to evade detection. The technique produces multiple variants of the malware, each with a different code signature; when the malware is executed, one of the variants is selected at random and run. This makes it harder for antivirus software to detect the malware, as each variant has a unique code signature.
Finally, Ref. [13] covered standard signature evasion, while [14] researched the detection of malware run inside a virtual machine.
From the literature review, it can be concluded that, while no antivirus is infallible, antivirus bypass tools have their own advantages and disadvantages. There are significant differences in the reported effectiveness of certain bypass tools, which can be attributed to factors such as the evaluation measures, the test execution dates, the masked malware and its version, the version of the tested antivirus software, and even the pool of tested antivirus solutions. Antivirus tools and the tools designed to bypass them are locked in an intense arms race, in which one side exploiting the other's weakness can produce a significant difference in results.
As shown, the bypassing of individual antiviruses has been studied in the past, for older versions of those products. However, to the best of the authors' knowledge, no comprehensive research has been conducted to date on combining multiple antivirus bypass techniques. Although individual techniques have been studied and developed, the effectiveness of their combination has yet to be analyzed. Given the constantly evolving nature of malware and antivirus software, it is essential to investigate how various techniques can be combined to bypass multiple layers of protection. This research contributes to understanding the weaknesses of antivirus software and to developing more robust and effective security measures.
6. Experimental Procedures and Results for Antivirus Bypass Mechanisms
In order to analyze the effectiveness of antivirus bypass mechanisms, tests were conducted on various antivirus software programs as well as tools developed to combat them. The focus of this section is to present the procedures for and results of these tests.
The attack flow is presented in detail in Figure 1. The first condition that a masking tool must meet to be effective is to bypass the static scan: the software delivered to the victim's machine must pass the initial static scan, which checks whether the file is infected before it is launched. If the software is detected at this stage, there is no point in proceeding, as the attacker's primary goal is to get through the antivirus defenses and into the victim's system unnoticed. The second condition is that the malware, while running on the victim's machine, must establish a connection back to the attacker's Meterpreter console without being blocked at run time.
The research was repeated with the latest versions of both the attack tools and the antivirus software. In addition, the generated malware was scanned with the antiscan.me online scanner to obtain results for a larger set of antivirus engines; using many engines reduces the risk that the choice of AVs for the VM tests biased the results. The results confirm that the best-performing antiviruses, as reported by [50], were used. Nevertheless, the scans on the virtual machines were given priority. Both the antivirus and the malware masking software were downloaded on the same day, so they were the latest versions at the time of testing. During the re-examination, only the antivirus software was updated, to verify whether the results would differ after an update and whether the antivirus would come to recognize the old threat over time.
Overall, these experimental procedures and results provide valuable insights into the effectiveness of antivirus bypass mechanisms and the importance of staying up to date with the latest versions of antivirus software.
The payload obtained with msfvenom on Kali Linux was generated with default settings and used, without modification, as the reference for all subsequent tests. It was delivered to each virtual machine to assess the ability of modern antivirus software to detect it. All six tested products immediately flagged it, which makes it a suitable baseline for testing the other tools. In contrast, an online scan of the payload showed that only 20 of the 26 available antivirus engines detected the threat, suggesting that the remaining six offer weak protection and are probably not widely used. The same generated payload was used in all test cases; each framework then modified it with a different combination of evasion mechanisms. In this way, we compared combinations of antivirus evasion mechanisms rather than the sophistication of the payload itself.
The decision to test free antivirus software was based on a survey of nearly 2000 respondents, who indicated that users prefer the basic version over the paid one [51]. The choice of antivirus software for testing was informed by a 2021 report from AV-Comparatives [50], which lists the best-performing antivirus programs according to its tests. To maintain confidentiality and prevent misuse by potential attackers, the authors refer to the specific antivirus programs tested as AV1 to AV6. The whole topology, with its dependencies and connections, is presented in Figure 2. All VMs were created on a single computer with a shared hub-like connection, so that no other security or networking mechanism, such as a firewall or misconfigured routing, could block the malware.
To begin the research, the latest version of Hyperion, a well-known runtime crypter for PE files, was downloaded and installed. This part of the research consisted of three steps. First, the previously generated payload was encrypted with Hyperion. Second, the encrypted file was opened in a hex editor and specific bytes were modified, replacing instructions with equivalent ones rather than changing the execution flow, so that the file's hash and signature differ from the original. Finally, a new payload was generated with msfvenom, this time applying the Shikata Ga Nai encoder, and the encoded file was then encrypted with Hyperion. All three infected files were then subjected to antivirus scanning and online scanning to assess their effectiveness. Hyperion, one of the oldest and most widely used malware masking tools, was chosen as the starting point.
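To make the hex-editing and encoding steps concrete, the following is an added example; it is not code from the paper, from Hyperion or from the Metasploit project. It builds a small constructed x86 stub that stands in for the msfvenom payload, runs a toy byte-signature scanner over it, then (a) swaps instructions for encodings with the same effect, as the hex-editor step does, and (b) re-encodes the bytes with an additive-feedback XOR that models the core loop of Shikata Ga Nai (assumption: the real encoder also emits a polymorphic decoder stub, which is omitted here). The payload bytes, signatures, patch offsets and key are all constructed for the demonstration.

```python
import hashlib
import struct

# Constructed stand-in for the msfvenom payload used in the text (hypothetical
# bytes, not a real Metasploit stub). NOP-padded later to a dword boundary
# because the encoder below works on 4-byte blocks.
PAYLOAD = bytes.fromhex(
    "31c0"        # xor eax, eax
    "50"          # push eax
    "6863616c63"  # push 0x636c6163 ("calc")
    "89e3"        # mov ebx, esp
    "31c9"        # xor ecx, ecx
    "cc"          # int3 (stand-in for the final call)
)

# Constructed byte signatures of the kind a purely static scanner would carry.
SIGNATURES = {
    "toy.msf_stub": b"\x31\xc0\x50\x68",  # xor eax,eax ; push eax ; push imm32
    "toy.zero_ecx": b"\x31\xc9",          # xor ecx,ecx
}

# The hex-editor step: replace instructions with equivalent encodings. Offsets are
# chosen by hand for PAYLOAD; a blind search-and-replace could corrupt bytes that
# belong to another instruction or to data.
PATCHES = [
    (0,  b"\x31\xc0", b"\x29\xc0"),  # xor eax,eax -> sub eax,eax (eax = 0 either way)
    (8,  b"\x89\xe3", b"\x8b\xdc"),  # mov ebx,esp -> same instruction, 8B /r form
    (10, b"\x31\xc9", b"\x29\xc9"),  # xor ecx,ecx -> sub ecx,ecx
]


def pad4(data: bytes) -> bytes:
    """NOP-pad to a multiple of 4 bytes."""
    return data + b"\x90" * (-len(data) % 4)


def apply_patches(data: bytes, patches) -> bytes:
    """Apply (offset, old, new) byte patches, refusing to patch unexpected bytes."""
    out = bytearray(data)
    for off, old, new in patches:
        if bytes(out[off:off + len(old)]) != old:
            raise ValueError(f"bytes at {off:#x} are not {old.hex()}")
        out[off:off + len(new)] = new
    return bytes(out)


def sgn_encode(data: bytes, key: int) -> bytes:
    """Additive-feedback XOR: c = p ^ key, then key = key + p (mod 2^32).

    Models the Shikata Ga Nai loop (assumption); the decoder stub is omitted."""
    if len(data) % 4:
        raise ValueError("input must be dword-aligned")
    out = bytearray()
    for (p,) in struct.iter_unpack("<I", data):
        out += struct.pack("<I", p ^ key)
        key = (key + p) & 0xFFFFFFFF
    return bytes(out)


def sgn_decode(data: bytes, key: int) -> bytes:
    """Mirror of the decoder loop: xor the dword in place, then add the decoded dword."""
    out = bytearray()
    for (c,) in struct.iter_unpack("<I", data):
        p = c ^ key
        out += struct.pack("<I", p)
        key = (key + p) & 0xFFFFFFFF
    return bytes(out)


def scan(data: bytes) -> list:
    """Static signature scan: names of every signature found in the buffer."""
    return sorted(name for name, sig in SIGNATURES.items() if sig in data)


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def demo(key: int = 0x1337C0DE) -> dict:
    """Run the three variants through the toy scanner and report what changed."""
    base = pad4(PAYLOAD)
    edited = apply_patches(base, PATCHES)
    encoded = sgn_encode(base, key)
    other_key = (key + 1) & 0xFFFFFFFF
    other = sgn_encode(base, other_key)
    return {
        "base_hits": scan(base),        # static scanner sees the plain stub
        "edited_hits": scan(edited),    # equivalent encodings: no signature hits
        "encoded_hits": scan(encoded),  # XOR-encoded bytes: no signature hits
        "decoded_ok": sgn_decode(encoded, key) == base,  # run-time bytes unchanged
        "polymorphic": encoded != other and sgn_decode(other, other_key) == base,
        "hashes_distinct": len({sha256(base), sha256(edited), sha256(encoded)}) == 3,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:16} {value}")
```

Both transformations defeat the byte signature and change the file hash, yet `sgn_decode` returns the original bytes, which is exactly what a run-time or behavioral check sees; this is why such tricks move the static (S) result but not the active-state (A) result against a modern engine.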
We use Y/N notation to indicate whether the attack was detected (Y) or not (N). As shown in Table 1, extending the basic payload with encryption or modifying the Hyperion output with a hex editor did not yield significant results, either for the static scan (S) or for the run-time/active state (A). This is likely because Hyperion, created in 2012, is relatively dated compared with msfvenom, so similar results were expected. While such obfuscation was once effective, contemporary antivirus software has heuristic and behavioral detection that is not defeated by minor changes to the file's bytes. Notably, in the online scan one more engine was deceived than by the basic payload. This suggests that, while these basic mechanisms are not effective against the best products on the market, they may still have some effect on smaller vendors' products. In conclusion, none of the aforementioned techniques are currently effective, so further experimentation with Hyperion was abandoned.
TheFatRat has been available for a considerable time and, unlike Hyperion, has a relatively large community. Its source code is available on GitHub and is regularly updated, which improves its prospects of evading antivirus software. For the purpose of this study, we focused on the options that use the same payload as the one initially generated: TheFatRat uses msfvenom to generate the reverse TCP payload, which preserves the premise of the research. After installing and running TheFatRat in the console, the sixth menu option, PwnWinds, was selected to generate the test payloads. The first was a .bat file based on PowerShell code; the second was identical except for the listening port (all previous payloads used port 8080, whereas this one used port 4444). Next, the option that generates an .exe based on C# and PowerShell was selected, followed by an .exe based on the C language. The .bat file was converted to .exe with Bat To Exe Converter. Once all the files had been generated, scanning began.
The results in Table 2 are noteworthy. AV6 performed poorly in the comparison: it failed to handle the payloads generated with C and PowerShell, and, interestingly, its performance was unchanged eight months after the test. It should be noted, however, that only the static scan level was bypassed; it was not possible to establish a Meterpreter connection. The payload generated in pure C was also able to evade AV6's static detection. A crucial observation is that the .bat payload based on PowerShell was more likely to be detected when listening on port 8080 than on port 4444, even though 4444 is the default port for many trojans and for Metasploit handlers. This may suggest that port 8080, the alternative HTTP port commonly used by web proxies and browsers, was frequently used for attacks in the past: processes launched by infected files attracted little attention on a port associated with web traffic, and antivirus developers may have paid less attention to it at the time. Even so, half of the tested antiviruses failed to detect the port 4444 payload at the static scan level.
Given the duration of the research and the successful evasions observed, the authors redid all tests after eight months with updated antivirus versions and databases. The installed updates made all six tested antiviruses immune to the old threats, which indicates that antivirus updates are necessary and effective, as the online scan results also show. It can be inferred that the antiviruses tested eight months earlier were less effective than the updated ones, except for the generated .bat file, which returned worse results in the second study, possibly due to a scan error or a problem on the engine vendor's side. In conclusion, the only effective tool was the TheFatRat payload based on C and PowerShell, and only against AV6.
In another experiment, we used Shellter to inject the generated payload into a legitimate program. The process began with selecting a suitable host program. From a security point of view, the host process itself is not malicious, and an unmodified standard program should not be flagged by antiviruses; the aim of using Shellter was to turn a non-malicious executable into a malicious one and, ideally, bypass antiviruses in the process. ColorPix, a portable color-picker tool that requires no installation, was chosen as the host. We note, however, that in most modern cases any host file would give the same results: it is not the host's functionality that is examined but the file's structure, which has changed from the antivirus's point of view. In other words, what should be detected is the payload, not the transport mechanism, in this case ColorPix. Using Shellter, the basic payload was successfully injected into the downloaded program. To evaluate the injected payload, we subjected it to static scans by the six antivirus programs. Surprisingly, as shown in Table 3, the injected payload evaded detection by five of the six, with only AV5 detecting it. These results suggest that Shellter can be an effective tool for evading antivirus detection, at least at the static scan level.
The experiment was repeated with the same payload configuration but with the payload supplied as a .raw file. The results were even more alarming: half of the tested antiviruses were fooled at the static scanning level, and the other half were fooled completely, allowing the payload to run on the victim's machine and establish a connection to the Meterpreter console. Re-testing after eight months, with updated software and databases, showed that the antivirus software had improved: only AV4 at the static scan level, and AV3 at both the static scan and launch levels, were still deceived by the .raw-based payload. Shellter can deceive signature-based scanning by injecting payloads into countless host programs, each of which yields a different injected file. Because it pays little attention to the process it hijacks, it deceives most static scanners and can potentially deceive behavioral or heuristic scans as well. The study shows that Shellter is an effective tool, initially fooling half of the antivirus products tested but only one after a few months, which underscores the importance of installing antivirus updates.
Veil-Evasion is a framework similar to TheFatRat that provides numerous options for bypassing antivirus security. It has a significant following on GitHub, but it has not been updated since 2020, which suggests a lack of active development. To test its effectiveness, three variants of payloads generated with msfvenom were selected. The study was divided into three parts: testing the basic payload generated in Python, generating a payload based on PowerShell and Bash, and manually editing the previously generated payload in a hex editor. The results in Table 4 show that every tested antivirus detected the threat. Differences appeared only in the online scans, where the Python-based payload was detected by more engines than the other two. Those two payloads gave similar results, but an interesting situation emerged on re-testing after eight months with up-to-date antiviruses: as expected, more engines detected the threat, but the PowerShell/Bash payload was caught by one more engine than the hex-edited one. This suggests that some engines did not receive an update, or it may be an artifact of the online scanning site.
To be comparable with previous research and to allow other researchers to reproduce the authors' tests, the criteria for assessing the effectiveness of the masking tools and the antivirus software follow those used in previous research. Assigning penalty points for failure to detect malware in the static and dynamic scans is the established methodology and was therefore adopted here. Unlike quality measurements or other kinds of rankings, penalty points are direct values that can be compared with past research and reused by other researchers or in future work. If an antivirus does not detect the malware at the static scan level, it receives one penalty point; if it detects it at neither the static nor the dynamic level, it receives two. Symmetrically, a payload that is not detected at the static scan level receives one point, and one that completely bypasses the antivirus and connects to the Meterpreter session receives two. The more points an antivirus accumulates, the less effective it is; the more points a masking technique accumulates, the more dangerous it is.
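For researchers reproducing the scoring, the following added example (not the paper's own code) implements the penalty-point rule above over a results table in the paper's Y/N notation. The table is constructed for illustration and does not reproduce the values in Tables 1 to 5; the tool and antivirus names are placeholders.

```python
# Constructed results in the Y/N notation used in the text: for each masking tool
# and each antivirus, whether the static scan (S) and the run-time/active stage (A)
# detected the sample. Illustrative values only, not the paper's tables.
AVS = ("AV1", "AV2", "AV3", "AV4", "AV5", "AV6")
RESULTS = {
    "basic_payload":  {av: ("Y", "Y") for av in AVS},
    "fatrat_c_ps":    {"AV1": ("Y", "Y"), "AV2": ("Y", "Y"), "AV3": ("Y", "Y"),
                       "AV4": ("Y", "Y"), "AV5": ("Y", "Y"), "AV6": ("N", "Y")},
    "shellter_basic": {"AV1": ("N", "Y"), "AV2": ("N", "Y"), "AV3": ("N", "Y"),
                       "AV4": ("N", "Y"), "AV5": ("Y", "Y"), "AV6": ("N", "Y")},
    "shellter_raw":   {"AV1": ("N", "N"), "AV2": ("N", "N"), "AV3": ("N", "N"),
                       "AV4": ("N", "Y"), "AV5": ("N", "Y"), "AV6": ("N", "Y")},
}


def penalty(static: str, active: str) -> int:
    """Penalty points for one (tool, antivirus) cell.

    0: caught by the static scan (the file never runs, so stage A is not reached);
    1: the static scan missed it, but the run-time stage blocked the Meterpreter session;
    2: both stages missed it and the session was established.
    """
    if static not in ("Y", "N") or active not in ("Y", "N"):
        raise ValueError(f"expected Y/N, got {static!r}/{active!r}")
    if static == "Y":
        if active == "N":
            # A file blocked before execution cannot be "missed" at run time:
            # such a cell is a recording error, not a result.
            raise ValueError("static detection stops execution; A cannot be N when S is Y")
        return 0
    return 1 if active == "Y" else 2


def tool_scores(results: dict) -> dict:
    """Total points per masking tool: higher means more dangerous."""
    return {tool: sum(penalty(s, a) for s, a in cells.values())
            for tool, cells in results.items()}


def av_scores(results: dict) -> dict:
    """Total points per antivirus across all tools: higher means less effective."""
    scores = {}
    for cells in results.values():
        for av, (s, a) in cells.items():
            scores[av] = scores.get(av, 0) + penalty(s, a)
    return scores


def rank_tools(results: dict) -> list:
    """Tools ordered from most to least dangerous (ties broken by name)."""
    return sorted(tool_scores(results).items(), key=lambda kv: (-kv[1], kv[0]))


if __name__ == "__main__":
    for tool, points in rank_tools(RESULTS):
        print(f"{tool:16} {points}")
    print(av_scores(RESULTS))
```

The consistency check in `penalty` matters when transcribing tables by hand: a cell marked as statically detected but missed at run time describes an execution that never happened, and silently scoring it would understate the antivirus's result.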
Table 5 displays the effectiveness of the tested tools. Shellter occupies the first two positions as the most dangerous tool: first with the raw payload and second with the basic payload. TheFatRat with the payload generated using C and PowerShell is third, while the other tested mechanisms pose only a slight threat. It should be noted that the tested tools offer many more options and modifications; this study focuses on the simplest and most accessible configurations available on the web. This highlights that even an attacker with limited knowledge has all the tools necessary to threaten an unprotected user.
To complete the study, older versions of the AV2 antivirus software were tested. The 2008 and 2016 versions were obtained from oldversions.com and installed on virtual machines. After installation, the infected files were sent to the virtual machines and the malware scans were run. The results in Table 6 show that the older antivirus software could not detect the threat, even for the basic payload. This is expected, as msfvenom was released well after the 2008 version. The 2016 version of AV2 detected only the basic threats, which is consistent with all of the undetected payloads either appearing after 2016 or having received multiple updates since that year.