Ok so here's my problem. I'm trying to make a RAT undetected by Avira with Assembly Ghostwriting using Hex Workshop, problem is, the Virus Signature that Avast detected seems to be the file padding(?).
-> The Highlited part is the (by Heuretics) as Crypted detected Virus signature (suspicious, not as a threat)!
-> Only the very last Byte of the executable got detected as a Backdoor (by Static Binary Analysis) (threat)!
-> In this case that would be Hex Value 44
Now this seems very strange to me, first because what has been detected seems to be the padding which, afaik is empty code (or is it?), and secondly because only the very last Byte got detected as a trojan.
I tried changing the padding (which im not even sure if that's a string or not) to lowercase to change the Hex Code and spoof the AV; didn't work. Also tried deleting all of the highlighted Hex Code and executing it, but it told me that it was an invalid win32 executable.
Anybody got any ideas?