diff --git a/_posts/2023-08-28-malware-cryptography-20.markdown b/_posts/2023-08-28-malware-cryptography-20.markdown index 90531a5..6eb76e8 100644 --- a/_posts/2023-08-28-malware-cryptography-20.markdown +++ b/_posts/2023-08-28-malware-cryptography-20.markdown @@ -475,6 +475,12 @@ Upload our sample `hack.exe` to VirusTotal: [https://www.virustotal.com/gui/file/442ce91c146901285ec02713f0c9e81065d037163351c38e8d169e77920fbe11/detection](https://www.virustotal.com/gui/file/442ce91c146901285ec02713f0c9e81065d037163351c38e8d169e77920fbe11/detection) +**As you can see, only 21 of 71 AV engines detect our file as malicious** + +Shannon entropy: + +![av-evasion](/assets/images/107/2023-09-04_02-24.png){:class="img-responsive"} + Of course, this result is justified by the fact that the method of launching the shellcode is not new, you can simply update the code of our PoC and implement only the decryption logic. The Skipjack algorithm is known for its simplicity and efficiency in terms of both hardware and software implementations. It was designed with a focus on security and was intended for use in various applications, including government communications. diff --git a/assets/images/107/2023-09-04_02-24.png b/assets/images/107/2023-09-04_02-24.png new file mode 100644 index 0000000..573fe95 Binary files /dev/null and b/assets/images/107/2023-09-04_02-24.png differ
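Review bot: The caption "Shannon entropy:" is disconnected from the added bold sentence about 21 of 71 engines flagging the file, and the image it introduces carries the alt text `av-evasion`, so either the caption or the alt text is mislabelled; if the screenshot `2023-09-04_02-24.png` shows the VirusTotal verdict, change the caption to something like "VirusTotal detection:" (or give the entropy screenshot its own alt text, e.g. `![entropy](...)`), and if it shows the entropy chart, say so in the bold sentence so the reader knows what the number and the image each refer to. Minor: the bold sentence lacks a terminal period, and because VirusTotal detection counts change as engines update, it is worth stating the date of the scan (the filename suggests 2023-09-04) next to the 21/71 figure.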