Skipjack add Shannon entropy

cocomelonc · Sep 3, 2023 · 352e61c · 352e61c
1 parent b6f9663
commit 352e61c
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 0 deletions.
diff --git a/_posts/2023-08-28-malware-cryptography-20.markdown b/_posts/2023-08-28-malware-cryptography-20.markdown
@@ -475,6 +475,12 @@ Upload our sample `hack.exe` to VirusTotal:
 
 [https://www.virustotal.com/gui/file/442ce91c146901285ec02713f0c9e81065d037163351c38e8d169e77920fbe11/detection](https://www.virustotal.com/gui/file/442ce91c146901285ec02713f0c9e81065d037163351c38e8d169e77920fbe11/detection)      
 
+**As you can see, only 21 of 71 AV engines detect our file as malicious**       
+
+Shannon entropy:   
+
+![av-evasion](/assets/images/107/2023-09-04_02-24.png){:class="img-responsive"}      
+
 Of course, this result is justified by the fact that the method of launching the shellcode is not new, you can simply update the code of our PoC and implement only the decryption logic.    
 
 The Skipjack algorithm is known for its simplicity and efficiency in terms of both hardware and software implementations. It was designed with a focus on security and was intended for use in various applications, including government communications.    

diff --git a/assets/images/107/2023-09-04_02-24.png b/assets/images/107/2023-09-04_02-24.png