NullCode1337 / NullRAT

Your next stealthy Remote Access Trojan

Wtf #16

Closed AzDemise closed 2 years ago

AzDemise commented 2 years ago

Why did you not make the whole thing in C#? I'm confused, it would have been easier to make with a smaller stub size, more stealth, and it's easier to make better options, and compiling is ez, just use mono.cecil or code dom compiler. idk why you decided to use python

NullCode1337 commented 2 years ago

xd you don't wanna know how detected C# malware is

every noob makes malware in c#, so vt (among other systems) detect them a lot

NullCode1337 commented 2 years ago

i am planning a GOlang rewrite however

any other problems, feel free to reply

corecorecorecore commented 2 years ago

Idk man but why make it in C# if the whole point is to have it in python, what even is that question? "make it in another language, so much easier" That's not the purpose, the purpose is to learn and get better at what you're doing. He could code it in c++ omg even better but no, he chose python for a reason. I don't get this question, seems stupid to me I'm being honest

Sorry for reopening had to get that off my chest.

AzDemise commented 2 years ago

Every noob makes malware in c#? How does that make sense when c# is a harder language than python? Not only that, but if you are making fresh malware in c# and it is detected then you are just pasting code and you do not know the first part about making malware lol. You do you, I was just confused why you would use a worse language for no reason even though I am guessing you know c# pretty well

On Wed, Jan 26, 2022 at 3:53 AM NullCode @.***> wrote:

xd you don't wanna know how detected C# malware is

every noob makes malware in c#, so vt (among other systems) detect them a lot


corecorecorecore commented 2 years ago

Every noob makes malware in c#? How does that make sense when c# is a harder language than python? Not only that, but if you are making fresh malware in c# and it is detected then you are just pasting code and you do not know the first part about making malware lol. You do you, I was just confused why you would use a worse language for no reason even though I am guessing you know c# pretty well

On Wed, Jan 26, 2022 at 3:53 AM NullCode @.> wrote:

xd you don't wanna know how detected C# malware is

every noob makes malware in c#, so vt (among other systems) detect them a lot

please what

"C# I'm confused it would have been easier to make" you literally said that first no c# isn't actually that much harder and it will still be detected bc reversing it is the easiest thing on earth, there's so many c# codes making it new is just wasted time, an obfuscation will just make it even more detected useless comment there "worse language" Python is useful for a lot of stuff and has a lot of modules you can pre use which can bypass protection, in c# you would mostly have to recode those, why do useless work there If you really wanted to make something good with a nice language do C++ or a really new language or not known one. C# is (imo) the worst language to create code in after things like dnspy exist

bnt

AzDemise commented 2 years ago

Every noob makes malware in c#? How does that make sense when c# is a harder language than python? Not only that, but if you are making fresh malware in c# and it is detected then you are just pasting code and you do not know the first part about making malware lol. You do you, I was just confused why you would use a worse language for no reason even though I am guessing you know c# pretty well

On Wed, Jan 26, 2022 at 3:53 AM NullCode @._> wrote:

xd you don't wanna know how detected C# malware is

every noob makes malware in c#, so vt (among other systems) detect them a lot

please what

"C# I'm confused it would have been easier to make" you literally said that first no c# isn't actually that much harder and it will still be detected bc reversing it is the easiest thing on earth, there's so many c# codes making it new is just wasted time, an obfuscation will just make it even more detected useless comment there "worse language" Python is useful for a lot of stuff and has a lot of modules you can pre use which can bypass protection, in c# you would mostly have to recode those, why do useless work there If you really wanted to make something good with a nice language do C++ or a really new language or not known one. C# is (imo) the worst language to create code in after things like dnspy exist

bnt

Obfuscation only makes it more detected if you are using some known obfuscation if you crypt the file yourself it's not going to be detected and why are you even mentioning dnspy when we are talking about obfuscation like I said if you crypt the file yourself and not just paste some known crypter then people are not going to be able to magically steal the source code from dnspy, and you mention "has a lot of modules you can pre use which can bypass protection" In c# you have helpful nuget packages which can help bypass protection? you are acting like c# is a useless language for malware name me one successful piece of malware in python I doubt you could name more than 2 high level / state level malware coded in python whereas in c# lots of very successful malware has been made.

AzDemise commented 2 years ago

I said it would have been easier to make the whole thing in c# since he already made the builder in c# so there was no point adding python since discord rats are way better in c# with a smaller stub size if you do not believe me I can show you projects I'm working on in c# the stub sizes are way smaller 2FDemise#3287

NullCode1337 commented 2 years ago

Bruh i added the builder scripts after like 9 months into NullRAT. I can't be bothered to make it in C#. The assemblies are more detected, easily decompilable, and that's pretty much it

Good luck on your projects

AzDemise commented 2 years ago

Fair enough

TheAirBlow commented 2 years ago

xd you don't wanna know how detected C# malware is

every noob makes malware in c#, so vt (among other systems) detect them a lot

You're a noob, because you don't know what proper packing and obfuscation is

TheAirBlow commented 2 years ago

Python is even easier to "decompile", it is literally stored in the executable in plain text

corecorecorecore commented 2 years ago

Python is even easier to "decompile", it is literally stored in the executable in plain text

False, there's a lot more ways to Obfuscate python code while leaving it undetected, there's no reason to code malware in c#, it will be detected doesn't matter the obfuscation.

corecorecorecore commented 2 years ago

xd you don't wanna know how detected C# malware is every noob makes malware in c#, so vt (among other systems) detect them a lot

You're a noob, because you don't know what proper packing and obfuscation is

Packing and obfuscation will make your malware detected, nice. Please do not comment useless stuff here if you're not going to help

TheAirBlow commented 2 years ago

xd you don't wanna know how detected C# malware is every noob makes malware in c#, so vt (among other systems) detect them a lot

You're a noob, because you don't know what proper packing and obfuscation is

Packing and obfuscation will make your malware detected, nice. Please do not comment useless stuff here if you're not going to help

Well, I have developed a RAT (which was never published and it has only the most basic functions). Malwarebytes detected it without obfuscation (VirusTotal), and with obfuscation Avast/AVG "detects" it because of obfuscation (which is very dumb as a lot of games are obfuscated, VirusTotal) With only the main binary being obfuscated and with Costura.Fody (do not remember if it was packed or not): VirusTotal With LZ4 packing, the malware is undetected by the most popular anti-malware solutions (VirusTotal)

Now shut the fuck up

TheAirBlow commented 2 years ago

Python is even easier to "decompile", it is literally stored in the executable in plain text

False, there's a lot more ways to Obfuscate python code while leaving it undetected, there's no reason to code malware in c#, it will be detected doesn't matter the obfuscation.

False, there's a lot more ways to Obfuscate C# code while leaving it undetected, there's no reason to code malware in python, it will be detected doesn't matter the obfuscation.

BTW, C# is compiled into IL code, which can be tampered to the level of making the binary unreadable at all. I mean, you would be able to decompile it, but you would get a lot of decompilation errors and you would need to read the raw IL instructions.

corecorecorecore commented 2 years ago

xd you don't wanna know how detected C# malware is every noob makes malware in c#, so vt (among other systems) detect them a lot

You're a noob, because you don't know what proper packing and obfuscation is

Packing and obfuscation will make your malware detected, nice. Please do not comment useless stuff here if you're not going to help

Well, I have developed a RAT (which was never published and it has only the most basic functions). Malwarebytes detected it without obfuscation (VirusTotal), and with obfuscation Avast/AVG "detects" it because of obfuscation (which is very dumb as a lot of games are obfuscated, VirusTotal) With only the main binary being obfuscated and with Costura.Fody (do not remember if it was packed or not): VirusTotal With LZ4 packing, the malware is undetected by the most popular anti-malware solutions (VirusTotal)

Now shut the fuck up

I don't see how it's undetected here, every AI AV will detect it as packed (please check your files on intezer). Thanks for being so rude in the end btw, hope you'll grow out of that phase asap

corecorecorecore commented 2 years ago

Python is even easier to "decompile", it is literally stored in the executable in plain text

False, there's a lot more ways to Obfuscate python code while leaving it undetected, there's no reason to code malware in c#, it will be detected doesn't matter the obfuscation.

False, there's a lot more ways to Obfuscate C# code while leaving it undetected, there's no reason to code malware in python, it will be detected doesn't matter the obfuscation.

BTW, C# is compiled into IL code, which can be tampered to the level of making the binary unreadable at all. I mean, you would be able to decompile it, but you would get a lot of decompilation errors and you would need to read the raw IL instructions.

Okay I don't see how that helps, you can fix those with IDA, there's far more decompile tools for c# than py, as much as c# is faster and overall better, it's not better for malware and never will be.

corecorecorecore commented 2 years ago

oh btw just to add, this 5 months old token grabber i made in 5 min in python

https://www.virustotal.com/gui/file/32d13294a0ebcbf40316e8de80099362194c5cba97d743abbe42d74f14ad21a3?nocache=1

obfuscated exe still more UD than your c# stuff

NullCode1337 commented 2 years ago

oh btw just to add, this 5 months old token grabber i made in 5 min in python

https://www.virustotal.com/gui/file/32d13294a0ebcbf40316e8de80099362194c5cba97d743abbe42d74f14ad21a3?nocache=1

obfuscated exe still more UD than your c# stuff

yeah, literally c# is almost synonymous with malware nowadays, so they have a higher chance of it being detected

airblowjob's one has 27 detects, your one has 12

NullCode1337 commented 2 years ago

to add insult to injury, even NullRAT with all protection options disabled (obfuscation and compression) has 18 detects, less than airblowjob

https://www.virustotal.com/gui/file/ab0982f1e778d9f20db609841d0ba777e8520f1e8f333822bae167dbc2c4a026?nocache=1

TheAirBlow commented 2 years ago

to add insult to injury, even NullRAT with all protection options disabled (obfuscation and compression) has 18 detects, less than airblowjob

https://www.virustotal.com/gui/file/ab0982f1e778d9f20db609841d0ba777e8520f1e8f333822bae167dbc2c4a026?nocache=1

Maybe it's because it is not a usual client <-> server RAT, but a Discord one?

TheAirBlow commented 2 years ago

oh btw just to add, this 5 months old token grabber i made in 5 min in python

https://www.virustotal.com/gui/file/32d13294a0ebcbf40316e8de80099362194c5cba97d743abbe42d74f14ad21a3?nocache=1

obfuscated exe still more UD than your c# stuff

Detected by Kaspersky and Symantec while the best one of mine is not lol Still, not even a RAT, and hiding a token grabber is the easiest thing in the world.

Your vs Mine

TheAirBlow commented 2 years ago

xd you don't wanna know how detected C# malware is every noob makes malware in c#, so vt (among other systems) detect them a lot

You're a noob, because you don't know what proper packing and obfuscation is

Packing and obfuscation will make your malware detected, nice. Please do not comment useless stuff here if you're not going to help

Well, I have developed a RAT (which was never published and it has only the most basic functions). Malwarebytes detected it without obfuscation (VirusTotal), and with obfuscation Avast/AVG "detects" it because of obfuscation (which is very dumb as a lot of games are obfuscated, VirusTotal) With only the main binary being obfuscated and with Costura.Fody (do not remember if it was packed or not): VirusTotal With LZ4 packing, the malware is undetected by the most popular anti-malware solutions (VirusTotal) Now shut the fuck up

I don't see how it's undetected here, every AI AV will detect it as packed (please check your files on intezer). Thanks for being so rude in the end btw, hope you'll grow out of that phase asap

Check "With only the main binary being obfuscated and with Costura.Fody", and the only detection by popular antimalware is Wacapew (Windows Defender) which even you do have

corecorecorecore commented 2 years ago

Okay you're the better coder if you wanna hear that? C# is not better for malware, that's so obvious, I can put so much shit in my py script, then Obfuscate it and have like 5 detects bc of pyinstaller

Stop this shit please, we do not care