A forum for reverse engineering, OS internals and malware analysis 

Ask your beginner questions here.
 #29114  by qpok
 Sat Aug 27, 2016 7:25 am
Hello,

Would it be possible to have a thread for code golfing to trigger the largest number of FPs from AVs with the fewest instructions possible?
 #29117  by qpok
 Sat Aug 27, 2016 10:31 am
TETYYSs wrote: browse some yara rules and throw a dozen of them to one binary
Well, one could consider that cheating (just take EICAR and declare yourself the winner), but there's still the golfing aspect: have the fewest instructions or the smallest binary that triggers an FP.
 #29122  by qpok
 Sun Aug 28, 2016 10:49 am
Well, I just briefly tried throwing an inline NOP asm block into a C++ console app, and it triggered 3 behavioural detections, https://virustotal.com/fi/file/6f244cf2 ... 472377017/. Given there are some UWP imports... I've never taken a look at the compiler machinery that makes the C(++) / asm work. But if an inline asm block triggers a detection, then maybe I should.
Code:
int main()
{
    // MSVC-only inline assembly block (`_asm` is the legacy spelling of `__asm`);
    // it emits a single NOP and nothing else.
    _asm {
        nop
    }
    return 0;
}