Better bypass

[ExecutivePrograms]

Hello,

I have submitted obfuscation error some days ago.

You told me that it gets detected since people scan it in Virus Total etc.

So to make it less detectable you shall create a discord server and create a channel for people who has starred the grabber.

It will make it less detectable because random people won't scan it on virus total and even if these people scan it there, theres much less people who'll scan it on virus total.

[Blank-c]

If it is scanned even a single time, it would get detected. I cannot prevent people to scan it. Sometimes the victims scan it too.

[ghost]

@Blank-c just use a fud pyinetaller

[Blank-c]

There is not anything like that.

[ghost]

@Blank-c try cx freeze or nukis py to exe

[Blank-c]

cxfreeze cannot generate single file executable, nuitka require backend C compiler and manual modifications during conversion and py to exe is just a front end for Pyinstaller (which Blank Grabber currently uses).

[noahmajors]

if you are looking to make any modifications to pyinstaller, replicate these steps (per executable generated). this method has been proven (for me) to reduce detections significantly.

1. python.exe -m pip uninstall pyinstaller this removes the public version of pyinstaller which many users just install from pip (blank installs it like this by default)

2. install c++ build tools from here if you havent already installed them. http://visualstudio.microsoft.com/vs/features/cplusplus/ this is needed for the next step

3. navigate to the official pyinstaller repo and download as zip http://github.com/pyinstaller/pyinstaller/releases

4. Unzip this to where you want Pyinstaller to be installed on your machine.

5. In CMD, cd to the install directory where you unzipped Pyinstaller. cd to the bootloader folder. if you know what you're doing, you can attempt to obfuscate pyinstaller before continuing, which may help your .exe stay undetected for longer)

6. python.exe ./waf all

7. cd to root Pyinstaller directory

8. python.exe setup.py install (make sure you pip install wheel before this step)

the grabber may or may not attempt to update pyinstaller, so for personal use, i recommend removing the pyinstaller value from requirements.txt before you build your exe.

hope this helps temporarily

[Blank-c]

use mingw instead of C++ build tools. It drops more detections.

[noahmajors]

would we be able to modify my steps above (using mingw) to automate this process into the grabber?

[Blank-c]

One can simply install mingw with gcc support (add to path too) and let wafscript handle that.

[Blank-c]

would we be able to modify my steps above (using mingw) to automate this process into the grabber?

I don't think it woukd be useful, it would take a lot of time.

[noahmajors]

while it would result in longer build times, it would help with detection status

[ghost]

Atleast it would be fud

[noahmajors]

not necessarily

[ghost]

@Blank-c and @noahmajors how does other grabbers get (almost) fud?

[Blank-c]

while it would result in longer build times, it would help with detection status

Also, even if we are compiling the bootloader, the archive appended to it would be the same. So I don't think it would be enough.

Try to do it yourself, see if the detection rate goes down.

[Blank-c]

@Blank-c and @noahmajors how does other grabbers get (almost) fud?

what are you talking about?

[noahmajors]

while it would result in longer build times, it would help with detection status

Also, even if we are compiling the bootloader, the archive appended to it would be the same. So I don't think it would be enough.

Try to do it yourself, see if the detection rate goes down.

When I last did this, it reduced detections by 3, including Defender. It was only valid for one VT scan before it became detected. I’m sure if we make some more in depth modifications, and perhaps some slight obfuscation, we could drop detections more

[Blank-c]

Lets instead make it as a green option in the grabber. It would only work if msvc or gcc is found in PATH.

[ghost]

@Blank-c and @noahmajors how does other grabbers get (almost) fud?

what are you talking about?

Some grabbers i saw have or claim to have fud

[Blank-c]

If you confirmed it yourself, do you have link for them?

If they just claimed, then there is no proof of it.