While there are some easy ways of changing the antivirus signature of a program (packers, encryptors, etc), they may not always be viable options for those wishing to bypass antivirus applications. This paper will show how to locate the signature used to identify Netcat, and modify it so that the executable no longer matches Symantecs AV signature, without interfering with any of the programs functionality. This is an exercise in identifying and modifying sections of code (aka, signatures) that are used by antivirus programs to identify malicious code; the tools and techniques used here can be applied to any program that is marked as malicious by AV applications.
