How extremely easy it is to cheat AV protection

Link to original article (in Polish) with pictures here:

Google translation:

Modern antivirus programs face many problems and limitations. They require continuous updating, consume valuable system resources, and sometimes even bring the whole system to a halt as a result of a false detection. In addition, they are far from one hundred percent effective! Here is a simple example of how trivially you can trick well-known antivirus programs.

Consider the simple program fgdump, which allows the extraction of password hashes from the Windows SAM database. This program is available here (beware, some antivirus software will recognize it as a threat, a Trojan); it is detected by most antivirus programs as malware, and it did so in our tests as well. Thanks to the excellent VirusTotal service we have access to an automatic scanner equipped with 41 of the most popular antivirus engines, so let us check our fgdump program in its original form (here are the results of the scan):

As we can see, 38 of the 41 antivirus programs recognize it as a threat.

Let's see now whether contemporary antivirus software will be taken in by a simple trick. Using Resource Hacker, we introduce small changes into our test program. First, using Resource Hacker, we extract and save a resource from some application, for example from the file WINWORD.EXE:

Then, in Resource Hacker, open our test program fgdump and choose Action \ Add a new resource …

For Icon_1, choose the file previously extracted from Word:

Then save the file crafted this way under the name fgdump2. Now let's try to scan the newly created executable with the VirusTotal service (here are the results of the scan):

It turns out, then, that after adding another icon to the resources, only 23 antivirus programs were able to correctly identify our program! This simple trick misled, among others, well-known antivirus companies:


This simple experiment clearly reveals the shortcomings of the current generation of antivirus software. Although the executable code contained in the file was not changed at all, many security programs failed to detect the threat. This is certainly due to the weakness of signature-based detection methods. On the other hand, many programs (interestingly, mostly the less well-known ones) were not taken in by this simple trick.

In conclusion, we cannot fully trust today's generation of antivirus software, since its effectiveness is still disappointing in many cases. Unfortunately, a significant improvement in this area is not likely in the near future.
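The article's own explanation is that the evasion works because the file changed while the code did not, i.e. the signatures that failed were tied to bytes outside the code section. The following is an added example (not code from the article or from anyone in this thread) that shows the defender's side of that observation: a small PE section-table parser that hashes each section separately, run over a constructed PE-shaped sample built inline (not the real fgdump binary; the sample has no optional header and cannot execute) before and after a resource-only edit. The section names, alignment and sample bytes are assumptions chosen for the demonstration.

```python
import hashlib
import struct

SECTION_HEADER_SIZE = 40  # each IMAGE_SECTION_HEADER is 40 bytes


def parse_sections(data: bytes):
    """Walk the DOS header, PE signature and COFF header to reach the section table.

    Returns a list of (name, PointerToRawData, SizeOfRawData) tuples.
    """
    if data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size  # section table follows the (possibly empty) optional header
    sections = []
    for i in range(num_sections):
        off = table + i * SECTION_HEADER_SIZE
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", data, off + 16)
        sections.append((name, raw_ptr, raw_size))
    return sections


def whole_file_hash(data: bytes) -> str:
    """The naive signature: a hash over every byte of the file."""
    return hashlib.sha256(data).hexdigest()


def section_hashes(data: bytes) -> dict:
    """Per-section hashes: a resource edit only changes the section it touches."""
    return {name: hashlib.sha256(data[ptr:ptr + size]).hexdigest()
            for name, ptr, size in parse_sections(data)}


def build_sample_pe(text: bytes, rsrc: bytes, align: int = 512) -> bytes:
    """Build a constructed, PE-shaped blob with a .text and a .rsrc section.

    It is not a runnable executable (no optional header, no imports); it only
    carries enough header structure for parse_sections() to work on it.
    """
    if len(text) > align or len(rsrc) > align:
        raise ValueError("sample payloads must fit in one aligned chunk")
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)  # e_lfanew: PE header right after the DOS header
    # COFF header: i386, 2 sections, SizeOfOptionalHeader = 0, EXECUTABLE_IMAGE | 32BIT_MACHINE
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0, 0x0102)

    def header(name, vaddr, ptr, chars):
        return struct.pack("<8sIIIIIIHHI", name, align, vaddr, align, ptr, 0, 0, 0, 0, chars)

    sections = (header(b".text", 0x1000, align, 0x60000020)        # CODE | EXECUTE | READ
                + header(b".rsrc", 0x2000, 2 * align, 0x40000040))  # INITIALIZED_DATA | READ
    headers = bytes(dos) + b"PE\0\0" + coff + sections
    return headers.ljust(align, b"\0") + text.ljust(align, b"\0") + rsrc.ljust(align, b"\0")


# Constructed stand-ins: identical "code", once with the original resources and once
# with an extra icon resource appended, mirroring the article's experiment.
CODE = bytes.fromhex("5589e583ec10c9c3")  # a few x86 bytes standing in for the program's code
ORIGINAL = build_sample_pe(CODE, b"RT_ICON: original icon")
REPACKED = build_sample_pe(CODE, b"RT_ICON: original icon" + b"RT_ICON: icon copied from another app")


def compare_signatures(original: bytes, repacked: bytes) -> dict:
    """Which signature survives an edit that only touched the resource section?"""
    orig, repk = section_hashes(original), section_hashes(repacked)
    return {
        "whole_file_changed": whole_file_hash(original) != whole_file_hash(repacked),
        "text_unchanged": orig[".text"] == repk[".text"],
        "rsrc_unchanged": orig[".rsrc"] == repk[".rsrc"],
    }


if __name__ == "__main__":
    for name, ptr, size in parse_sections(REPACKED):
        print(f"{name:8s} raw offset {ptr:#06x} size {size:#06x}")
    print(compare_signatures(ORIGINAL, REPACKED))
```

The whole-file hash differs between the two samples, the `.rsrc` hash differs, and the `.text` hash is identical. A detection rule keyed on the code section (its hash, or a byte pattern located inside it) is therefore unaffected by the icon swap the article describes, which is the likely difference between the 23 engines that still flagged the file and the 15 that did not. This is one signal rather than a cure: the same reasoning says that a change to the code itself defeats a `.text` hash, so section hashing complements rather than replaces behavioural and heuristic detection.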

It's very old, ResHacker … it's totally detected: run the malware, and it is detected.

I didn’t test this by myself.

The article describes that if one extracts resources (with Resource Hacker) from, let's say, the Winword exe and imports them into malware/a virus (in this case the fgdump executable), it won't be recognized by the AV protection of some vendors.