Being on a mushrooming spree since at least 2013, malware can take a large toll on any system. In a perpetual cat-and-mouse chase with defenders, malware writers constantly conjure new methods to hide their code so as to evade detection by security products. In this context, focusing on the MS Windows platform, this work contributes a comprehensive empirical evaluation of the detection capacity of popular, off-the-shelf antivirus (AV) and endpoint detection and response (EDR) engines when facing legacy malware obfuscated via more or less uncommon but publicly known methods. Our experiments exploit a blend of seven traditional AV evasion techniques in 16 executables built in C++, Go, and Rust. Furthermore, we conduct an incipient study of the ability of the ChatGPT chatbot to assist threat actors in producing ready-to-use malware. The derived results in terms of detection rate are highly unexpected: approximately half of the 12 tested AV engines detected fewer than half of the malware variants, four detected exactly half of the variants, and only two of the remaining engines detected all but one of the variants.