Hiding from antivirus software is not rocket science.
I find this article worth a read. It basically explains how easy it is to fix a piece of detectable code. Tricking the antivirus software to “think” that it is the user doing specific actions, instead of the actual “virus/dropper”, yields positive... well, negative results in the detection rate… got that? 😉
The problem is that the antivirus software looks for usage of very specific actions, like using system calls to copy files or similar actions.
Even though this has implications with regard to hiding the software on the computer, it hides the specific actions done by the virus.
This way of hiding also makes the software slower, but if you have 1 target instead of millions, then speed is not as important as the ability to stay under the radar.
Even though this approach is simple, it will work to a certain extent and is worth a look. Though I do believe that techniques like encrypted code, polymorphic and metamorphic code will still be the general approaches for the people in the virus development industry.