My Experience Editing a Generated Backdoor's Code and Uploading Both Versions to VirusTotal. The Results Are Surprising!


Today I would like to share my experience of how security vendors perform at catching a backdoor when the code of a bat backdoor is edited without changing its functionality. On my Kali Linux machine I generated backdoors with TheFatRat and with Veil. Both use the same type of payload, a meterpreter payload with a reverse HTTPS connection, in order to gain full access to the target machine. Both payloads do the same job; the only difference is that TheFatRat produces them as bat files, while Veil produces an exe file. In this case, I compared TheFatRat's generated backdoors, which do the same job: I readjusted the code of rev_http8080_fr.bat in a text editor and saved it as rev_https8080_updated.bat. Then I compared the two to see whether detection of the files differs while both still do the same job. The results were exciting! This was the original code generated via TheFatRat.


When I uploaded this file to VirusTotal, the results were terrifying for that backdoor: it was detected by 19 of the security vendors.


Then I edited the code of the backdoor without changing its functionality and saved it as rev_https8080_updated.bat.


The changes in the results on VirusTotal surprised me!


As can be seen, merely editing a backdoor generated as a bat file in a text editor changes the detection results across security vendors drastically.
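The drastic change described above is what you expect when a vendor's verdict rests on an exact hash or byte-pattern signature: any cosmetic edit produces a new hash. The following example is added here for illustration and is not code from the article or from TheFatRat or Veil. It uses a constructed, harmless batch script (not a backdoor) to show, from the detection side, why a raw hash breaks on comment, whitespace and case changes while a hash over a normalized form of the script does not. The normalization rules are my own simplification of what a script-aware scanner does.

```python
import hashlib
import re

# Constructed sample standing in for any script a vendor would fingerprint.
# It only writes and prints a temp file; it is not the backdoor from the article.
ORIGINAL_BAT = """@echo off
set TARGET=%TEMP%\\report.txt
echo collecting > %TARGET%
type %TARGET%
"""

# The same script after the kind of "functionally identical" edit the article
# describes: comments, blank lines, spacing and letter case were changed.
EDITED_BAT = """@ECHO OFF
REM   nothing important here
SET   target=%TEMP%\\report.txt

:: another comment
ECHO collecting > %target%

TYPE   %target%
"""


def raw_hash(text: str) -> str:
    """Byte-exact signature: any edit at all yields a different value."""
    return hashlib.sha256(text.encode()).hexdigest()


def normalize_bat(text: str) -> str:
    """Canonical form for matching: drop REM and :: comment lines and blank
    lines, collapse runs of whitespace, and lower-case everything (batch
    commands and environment variable names are case-insensitive)."""
    canonical = []
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped:
            continue
        upper = stripped.upper()
        if upper == "REM" or upper.startswith("REM ") or stripped.startswith("::"):
            continue
        canonical.append(re.sub(r"\s+", " ", stripped).lower())
    return "\n".join(canonical)


def normalized_hash(text: str) -> str:
    """Signature over the canonical form: survives cosmetic edits."""
    return hashlib.sha256(normalize_bat(text).encode()).hexdigest()


def compare(original: str, edited: str) -> dict:
    """Report whether each signature type still links the two scripts."""
    return {
        "raw_hash_matches": raw_hash(original) == raw_hash(edited),
        "normalized_hash_matches": normalized_hash(original) == normalized_hash(edited),
    }


if __name__ == "__main__":
    for key, value in compare(ORIGINAL_BAT, EDITED_BAT).items():
        print(f"{key}: {value}")
```

Run as a script it reports that the raw hashes differ while the normalized hashes match, which is the gap the VirusTotal results above expose: engines keyed on the exact file miss the edited copy, engines that canonicalize the script first do not. A static VirusTotal score also says nothing about runtime detection; the reverse HTTPS session the article describes is exactly the kind of behaviour an EDR or network sensor can flag regardless of how the file on disk looks.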

I also tested both backdoors on my Windows machine by downloading and opening both files on the computer. The result did not vary: both backdoors gave me full access to the target computer.



More articles by Asim Sarp Kurt
