Can CIS detect/stop FUD crypters?

It is claimed that FUD crypters can make malware 100% fully undetectable.
Still, can the resulting malware be proactively detected by CIS?


Hi cocalaur,

Please define what you understand by “proactively detected”.

Thank you.

It is said that, once you put your piece of malware through
FUD, it can bypass all antiviruses.

I have indeed watched YouTube videos in which someone executed a malicious file which
had undergone FUD, uploaded it to online scanning services, and (almost) all
AVs reported no threats.

For example: - YouTube
(and many others on YouTube).

So, my question is: would CIS be able to detect a malicious file that has “undergone”
FUD (by means of proactive detection, i.e. Defense+ or another component)?

Detection can be bypassed (in some cases), but that’s not really a test. Also, applications with unusual routines (e.g. unusual compression) will most likely look suspicious in terms of detection.

To answer your question: yes. Moreover, Viruscope is still a “new technology”.
I wanted to test such a sample. Apparently, someone already tried it here. (I’m not the author.)

Hope it helps.

Also, HIPS and the auto-sandbox (Defense+) don’t rely on detection, so the fact that CIS can’t detect the files means it will treat them as unrecognized files by default: if HIPS is on, it shows alerts for what the file is trying to do, and if the auto-sandbox is on, it sandboxes the file.

I don’t understand the language in the video above, so I’m not sure, but it looks like the user allows the file to run outside the sandbox when answering the alert. That’s just from what the alert looks like; I don’t understand the language, so I can’t say for sure. Probably that was intentional, in order to test the AV and not the other modules of CIS.
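To make the distinction in the reply above concrete, here is an added toy model (my own illustration, not code from the thread or from Comodo) of why a crypter defeats a byte-signature scanner but not a default-deny policy of the HIPS/auto-sandbox kind. The signature list, the trusted-hash list, the sample bytes and the XOR "crypter" are all constructed for the example; a real crypter and a real AV engine are far more involved, but the logic of "unknown file goes to the sandbox" is the same.

```python
"""
Added example (not from the original thread): a toy model of signature
detection versus a default-deny policy. All signatures, trusted hashes,
sample bytes and the XOR "crypter" below are constructed for illustration.
"""
import hashlib
from typing import Optional

# Constructed "signature database": byte patterns a signature scanner matches.
SIGNATURES = {
    "Trojan.Test": b"DROP_AND_RUN",
}

# Constructed "trusted file list": SHA-256 hashes of files that may run
# unrestricted. Stands in for the whitelist a default-deny component consults.
KNOWN_GOOD = {
    hashlib.sha256(b"MZ\x90\x00GOOD_APP_CODE").hexdigest(),
}


def signature_scan(data: bytes) -> Optional[str]:
    """Return the name of the first matching signature, or None if clean."""
    for name, pattern in SIGNATURES.items():
        if pattern in data:
            return name
    return None


def crypter_pack(payload: bytes, key: int) -> bytes:
    """Toy 'crypter': XOR-encode the payload and prepend a stub header.
    This changes every byte a signature scanner would match on."""
    body = bytes(b ^ key for b in payload)
    return b"STUB" + bytes([key]) + body


def crypter_unpack(packed: bytes) -> bytes:
    """What the stub does at run time: recover the original payload in memory."""
    key = packed[4]
    return bytes(b ^ key for b in packed[5:])


def classify(data: bytes) -> str:
    """Default-deny policy as described in the reply above:
    signature hit -> 'blocked'; trusted hash -> 'run'; anything else -> 'sandbox'."""
    if signature_scan(data):
        return "blocked"
    if hashlib.sha256(data).hexdigest() in KNOWN_GOOD:
        return "run"
    return "sandbox"


def demo() -> dict:
    """Run the three cases and return the results for inspection."""
    malware = b"MZ\x90\x00" + b"DROP_AND_RUN" + b"\x00payload"   # constructed
    packed = crypter_pack(malware, 0x5A)
    return {
        "signature_original": signature_scan(malware),          # hit
        "signature_packed": signature_scan(packed),             # miss: FUD
        "signature_unpacked": signature_scan(crypter_unpack(packed)),  # hit again
        "classify_original": classify(malware),                 # blocked
        "classify_packed": classify(packed),                    # sandbox, not run
        "classify_good": classify(b"MZ\x90\x00GOOD_APP_CODE"),  # run
        "unpack_ok": crypter_unpack(packed) == malware,
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The packed file is "undetected" by the signature scan, exactly what the online-scanner videos show, but because its hash is not on the trusted list the policy still sends it to the sandbox rather than letting it run. The `signature_unpacked` result also shows why runtime components have a chance the on-disk scan does not: the stub has to restore the original payload in memory before it can do anything, and that is where behaviour monitoring operates.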