# AV Evasion & Obfuscation

## Sites

| Site | Sample handling |
| --- | --- |
| [Kleenscan](https://kleenscan.com/index) | Does not divulge submitted samples to third parties. |
| [VirusTotal](https://www.virustotal.com/gui/home/upload) | Once scanned, the platform shares the sample with every antivirus vendor that has an active membership. |

## On-disk

* Packers
* Crypters
* Obfuscators
* Anti-debugging
* Anti-reversing
* VM / sandbox detection

## In-memory

* Remote Process Memory Injection
  * *attempts to inject the payload into the memory of another legitimate, non-malicious PE.*
* Reflective DLL Injection
  * *attempts to load a DLL that the attacker has stored in the process memory.*
* Process Hollowing
  * *attempts to launch a non-malicious process in suspended state, remove its image from memory, and replace it with a malicious executable before resuming execution.*
* Inline hooking
  * *attempts to modify memory by placing a hook in a function that redirects code execution to malicious code, then returns to the hooked function so normal execution resumes.*
