TheWover / donut

Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from memory and runs them with parameters
BSD 3-Clause "New" or "Revised" License

Some AVs are detecting the output bin as donut #92

Closed nerfirelia123 closed 3 years ago

nerfirelia123 commented 3 years ago

Other than encrypting the shellcode and decrypting it in memory, is there any way to edit the bin to remove the .donut detections from Gdata and Fsecure and a few other AVs? It's just lazy on their part to detect donut outputs regardless of whether the file is malicious or safe.

TheWover commented 3 years ago

Can you add a file/folder exclusion? I typically just add a folder exclusion in my AV engine for the donut folder I'm working in to generate payloads.