
How I got zero detections on virus total

submitted by
Style Pass
2021-10-27 01:30:06

In a few words: it is simply both a static and dynamic malware analysis platform that uses YARA-based rules to statically identify malware and a “juju box” to dynamically analyze it. People try to bypass VirusTotal in order to deploy malware on their target systems, either to get some sort of valuable information out or simply to encrypt files and demand a ransom payment.

There are typically a lot of ways to do this, but if you make malware that is new and unique instead of copying others, you get rewarded with low detections. When people make malware public they say “DO NOT UPLOAD TO VIRUS TOTAL”, which implies that if their malware gets just a single detection, all the other antivirus vendors will be alerted and the executable will get flagged as malicious.
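To make the two preceding points concrete, here is a small added example (not code from the original post, and not VirusTotal's or YARA's own implementation) showing how static, signature-style matching works and why a sample that shares nothing with the rule's strings scores zero hits. It is a deliberately minimal YARA-like matcher: it only understands text and hex strings and the `any of them` / `all of them` / `N of them` conditions; the rule name, its strings and the three byte samples are all constructed for the demonstration.

```python
"""Minimal YARA-style static matcher (added example; constructed rule and samples).

Real YARA supports far more (wildcards, regexes, modules); this toy keeps only
text/hex strings and "any/all/N of them" so the matching behaviour is visible.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# One string per line inside the "strings:" section, either "text" or { hex }.
TEXT_STRING = re.compile(r'^\$(\w+)\s*=\s*"((?:[^"\\]|\\.)*)"\s*$')
HEX_STRING = re.compile(r'^\$(\w+)\s*=\s*\{([0-9A-Fa-f\s]+)\}\s*$')
CONDITION = re.compile(r'^(any|all|\d+)\s+of\s+them$')

# Constructed rule (hypothetical name and strings, not a real detection rule).
RULE_TEXT = r'''
rule Constructed_Demo_Rule
{
    strings:
        $s1 = "C:\\Users\\Public\\update.exe"
        $s2 = "cmd.exe /c"
        $h1 = { 4D 5A 90 00 }
    condition:
        2 of them
}
'''


@dataclass
class Rule:
    name: str
    strings: dict[str, bytes]
    condition: str


def _unescape(s: str) -> bytes:
    """Turn the YARA text-string escapes (\\\\, \\", \\n, \\t) into raw bytes."""
    out, i = [], 0
    while i < len(s):
        if s[i] == "\\" and i + 1 < len(s):
            nxt = s[i + 1]
            out.append({"n": "\n", "t": "\t"}.get(nxt, nxt))
            i += 2
        else:
            out.append(s[i])
            i += 1
    return "".join(out).encode("latin-1")


def parse_rule(text: str) -> Rule:
    """Parse a single rule of the simplified grammar above."""
    name = re.search(r"\brule\s+(\w+)", text).group(1)
    strings: dict[str, bytes] = {}
    condition = ""
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "strings:":
            section = "strings"
            continue
        if line == "condition:":
            section = "condition"
            continue
        if section == "strings":
            if m := TEXT_STRING.match(line):
                strings[m.group(1)] = _unescape(m.group(2))
            elif m := HEX_STRING.match(line):
                strings[m.group(1)] = bytes.fromhex(m.group(2))
        elif section == "condition" and line and line != "}":
            condition = line
    if not CONDITION.match(condition):
        raise ValueError(f"unsupported condition: {condition!r}")
    return Rule(name, strings, condition)


def scan(rule: Rule, data: bytes) -> tuple[bool, dict[str, bool]]:
    """Return (matched, per-string hits): plain substring search, as static rules do."""
    hits = {sid: pat in data for sid, pat in rule.strings.items()}
    quantifier = CONDITION.match(rule.condition).group(1)
    needed = {"any": 1, "all": len(rule.strings)}.get(quantifier)
    if needed is None:
        needed = int(quantifier)
    return sum(hits.values()) >= needed, hits


# Constructed byte samples: a fake PE header plus some strings. Not real files.
KNOWN_SAMPLE = b"MZ\x90\x00" + b"\x00" * 16 + b"cmd.exe /c start C:\\Users\\Public\\update.exe\x00"
NOVEL_SAMPLE = b"MZ\x90\x00" + b"\x00" * 16 + b"a freshly written binary with its own strings\x00"
TEXT_FILE = b"just a text document, no executable header at all\n"

if __name__ == "__main__":
    rule = parse_rule(RULE_TEXT)
    for label, blob in [("known", KNOWN_SAMPLE), ("novel", NOVEL_SAMPLE), ("text", TEXT_FILE)]:
        matched, hits = scan(rule, blob)
        print(f"{label:5s} -> {rule.name}: {matched} {hits}")
```

The known sample trips all three strings, the novel one only the header bytes (one hit, below the `2 of them` threshold), and the text file nothing. That gap is exactly the "new and unique" effect the post describes: a static rule cannot match bytes it has never been written for, which is why vendors supplement YARA-style signatures with the dynamic sandbox the post also mentions.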

That number above is only going up: this file was scanned 3 hours ago, and all those green “Undetected” antivirus vendors will be alerted and given the file sample. The number of detections will rise over time, and eventually each antivirus vendor will have a copy of the file and a set of rules to identify it. Antivirus companies pay VirusTotal for rule lists identifying common malware samples uploaded to the service.
