ANTIVIRUS PERFORMANCE EVALUATION AGAINST POWERSHELL OBFUSCATED MALWARE
DOI:
https://doi.org/10.17770/etr2024vol4.8201Keywords:
AMSI Evasion, Antivirus bypass, Defense Evasion, EDR Evasion, PowerShell Obfuscation, Undetected PayloadAbstract
In recent years, malware attacks have become increasingly sophisticated, and the methods used by attackers to evade Windows defenses have grown more complex. As a result, detecting and defending against these attacks has become an ever more pressing challenge for security professionals. Despite significant efforts to improve Windows security, attackers continue to find new ways to bypass these defenses and infiltrate systems. The techniques covered in this paper are all currently active and effective at evading Windows defenses. Our findings underscore the need for continued vigilance and the importance of staying up to date with the latest threats and countermeasures.Downloads
References
P. Shijo and A. Salim, “Integrated Static and Dynamic Analysis for Malware Detection,” in International Conference on Information and Communication Technologies, 2015.
A. B. Ajmal, A. Anjum, A. Anjum and M. A. Khan, “Novel Approach for Concealing Penetration Testing Payloads Using Data Privacy Obfuscation Techniques,” in IEEE 18th International Conference on Smart Communities: Improving Quality of Life Using ICT, IoT and AI (HONET), Karachi, Pakistan, 2021.
F. Pecorelli, F. Palomba, D. D. Nucci and A. D. Lucia, “Comparing Heuristic and Machine Learning Approaches for Metric-Based Code Smell Detection,” in IEEE/ACM 27th International Conference on Program Comprehension (ICPC), Montreal, QC, Canada, 2019.
Ö. Aslan and R. Samet, “A Comprehensive Review on Malware Detection Approaches,” IEEE Access, vol. vol. 8, pp. 6249-6271, 2020.
M. J. e. a. Faruk, “Malware Detection and Prevention using Artificial Intelligence Techniques,” in IEEE International Conference on Big Data (Big Data), Orlando, FL, USA, 2021.
A. Sharma, B. B. Gupta, A. K. Singh and V. Saraswat, “Orchestration of APT malware evasive manoeuvers employed for eluding anti-virus and sandbox defense,” Computers & Security, vol. Volume 115, 2022.
N. Miramirkhani, M. Appini, N. Nikiforakis and M. Polychronakis, “Spotless Sandboxes: Evading Malware Analysis Systems Using Wear-and-Tear Artifacts,” in IEEE Symposium on Security and Privacy (SP), San Jose, CA, USA, 2017.
D. Hendler, S. Kels and A. Rubin, “Detecting Malicious PowerShell Commands using Deep Neural Networks,” in ASIACCS '18: Proceedings of the 2018 on Asia Conference on Computer and Communications Security, 2018.
A. Al-Hakimi and A. Bakar Md Sultan, “Hybrid Obfuscation of Encryption,” IntechOpen, 2023. [10] K. Oosthoek and C. Doerr, “SoK: ATT&CK Techniques and Trends in,” in In: Chen, S., Choo, KK., Fu, X., Lou, W., Mohaisen, A. (eds) Security and Privacy in Communication Networks SecureComm 2019, 2019.
H. Xu, Y. Zhou and J. Ming, “Layered obfuscation: a taxonomy of software obfuscation techniques for layered security,” Cybersecurity 3, 9, 2020.
O. Or-Meir, N. Nissim, Y. Elovici and L. Rokach, “Dynamic Malware Analysis in the Modern Era—A State of the Art Survey,” ACM Computing Surveys, vol. vol. 52, 2019.
Sudhakar and S. Kumar, “An emerging threat Fileless malware: a survey and research challenges,” Cybersecurity 3, 1, 2020.
J. Singh and J. Singh, “Challenge of Malware Analysis: Malware obfuscation Techniques,” International Journal of Information Security Science, vol. 7, no. 3, pp. 100-110, September 2018.
C. Kalogranis, AntiVirus Software Evasion: An Evaluation of the AV Evasion Tools. Ph.D. Thesis, Piraeus, Greece,: University of Piraeus, Department of Digital Systems, 2018.
S. Aminu, Z. Sufyanu, T. Sani and A. Idris, “Evaluating the effectiveness of antivirus evasion tools against windows platform,” FUDMA Journal of Sciences Vol. 4 No. 1, pp. 89-92, 2020.
D. Samociuk, “Antivirus Evasion Methods in Modern Operating Systems,” Applied Sciences, vol. 13(8):5083, 2023.
F. Garba, F. Yarima, K. Kunya, F. Abdullahi, A. Bello, A. Abba and A. Musa, “Evaluating Antivirus Evasion Tools AgainstBitdefender Antivirus,” in In Proceedings of the International Conference on FINTECH Opportunities and Challenges, Karachi, Pakistan, 2021.
G. D. C. D. &. B. G. Bernardinetti, “PEzoNG: Advanced Packer For Automated Evasion On Windows.,” Journal of Computer Virology and Hacking Techniques 18, p. 315–331, 2022.
N. S. Mittal, “week of powershell shells day 1,” May 2015. [Online]. Available: http://www.labofapenetrationtester.com/2015/05/week-of-powershell-shells-day-1.html. [Accessed July 2023].
D. Hendler, S. Kels and A. Rubin, “AMSI-Based Detection of Malicious PowerShell Code Using Contextual Embeddings,” in In Proceedings of the 15th ACM Asia Conference on Computer and Communications Security (ASIA CCS '20), New York, NY, 2020.
M. Mimura and Y. Tajir, “Static detection of malicious PowerShell based on word embeddings,” Internet of Things, vol. Volume 15, 2021.
D. Ugarte, D. Maiorca, F. Cara and G. Giacinto, “PowerDrive: Accurate De-obfuscation and Analysis of PowerShell Malware.,” in In: Perdisci, R., Maurice, C., Giacinto, G., Almgren, M. (eds) Detection of Intrusions and Malware, and Vulnerability Assessment DIMVA, 2019.
J. Klasmark, Detecting PowerShell Obfuscation Techniques using Natural Language Processing, Dissertation, KTH Royal Institute of Technology, 2022.
A. Rousseau, “Hijacking .NET to Defend PowerShell,” Malware Research and Threat Intel, 2017.
Downloads
Published
Issue
Section
License
Copyright (c) 2024 Radostin Dimov, Zhaneta Savova
This work is licensed under a Creative Commons Attribution 4.0 International License.