AMSI Raccoon Lab
The World's Most Intentionally Terrible Antivirus Scanner — an educational platform for understanding antimalware detection and evasion techniques.
43 Challenges | 6 Categories | 43 Solutions
Challenge Categories
Signature Detection Bypass
Evade static string matching by transforming, encoding, or fragmenting known malware signatures.
Non-Printable Ratio Bypass
Defeat the scanner's non-printable byte analysis through encoding, padding, and size manipulation.
Small Executable Bypass
Circumvent the small executable heuristic that flags tiny files with suspicious extensions.
Extension Heuristic Bypass
Exploit weaknesses in extension-based file type detection using Unicode tricks, ADS, and polyglots.
AMSI Bypass
Disable or circumvent the Windows Antimalware Scan Interface through memory patching, hijacking, and more.
Getting Started
New here? Learn how the scanner works, set up your environment, and tackle your first challenge.
How It Works
The AMSI Raccoon Lab scanner implements 6 detection checks with intentional weaknesses:
| Check | Method | Action | Exploitable? |
|---|---|---|---|
| 1 | Signature Scan (7 known strings) | BLOCKS | Yes |
| 2 | Extension Heuristic (11 extensions) | Warning only | Yes |
| 3 | Non-Printable Ratio (>40%, files >= 64B) | BLOCKS | Yes |
| 4 | Small Executable (<32B + suspicious ext) | BLOCKS | Yes |
| 5 | Suspicious Pattern (IEX, WebClient…) | Warning only | Yes |
| 6 | Entropy Check (>7.2 bits/byte, >= 128B) | Warning only | Yes |
Note: This is NOT production security software. It is an educational tool designed for understanding antimalware evasion techniques in a safe, controlled environment.
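To make the thresholds in the table concrete, here is a sketch of checks 3, 4 and 6 in Python. It is an added example, not the project's Nim code: the thresholds come from the table, while the definition of "printable", the extension subset, the function names and the sample files are assumptions constructed for illustration.

```python
import math
import os
from collections import Counter

# Thresholds from the table above; everything else is an assumption.
NONPRINT_RATIO_MAX = 0.40   # check 3: applies to files >= 64 bytes
NONPRINT_MIN_SIZE = 64
SMALL_EXE_MAX_SIZE = 32     # check 4: files < 32 bytes with a suspicious extension
ENTROPY_MAX = 7.2           # check 6: bits/byte, applies to files >= 128 bytes
ENTROPY_MIN_SIZE = 128
# Assumed subset: the page says 11 extensions but does not list them.
SUSPICIOUS_EXTS = {".exe", ".ps1", ".bat"}

def nonprintable_ratio(data: bytes) -> float:
    # Assumption: printable means ASCII 0x20-0x7E plus tab, LF and CR.
    if not data:
        return 0.0
    printable = sum(1 for b in data if 0x20 <= b <= 0x7E or b in (9, 10, 13))
    return 1 - printable / len(data)

def shannon_entropy(data: bytes) -> float:
    # Shannon entropy over the byte histogram, in bits per byte (0.0 to 8.0).
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def scan(name: str, data: bytes) -> list[tuple[str, str]]:
    # Returns (check, action) pairs; an empty list means nothing fired.
    findings = []
    ext = os.path.splitext(name)[1].lower()
    if len(data) >= NONPRINT_MIN_SIZE and nonprintable_ratio(data) > NONPRINT_RATIO_MAX:
        findings.append(("non_printable_ratio", "BLOCK"))
    if len(data) < SMALL_EXE_MAX_SIZE and ext in SUSPICIOUS_EXTS:
        findings.append(("small_executable", "BLOCK"))
    if len(data) >= ENTROPY_MIN_SIZE and shannon_entropy(data) > ENTROPY_MAX:
        findings.append(("entropy", "WARN"))
    return findings

# Constructed samples: plain text, a tiny batch file, and a uniform byte blob.
SAMPLES = {
    "notes.txt": b"plain text log line\n" * 10,
    "tiny.bat": b"@echo off\r\n",
    "blob.bin": bytes(range(256)) * 2,
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(name, scan(name, data))
```

The size floors matter as much as the ratios: the 11-byte batch file is never evaluated by the ratio or entropy checks, and the 512-byte blob is never evaluated by the small-executable check.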
Quick Start
```
# Clone the repository
git clone https://github.com/yourusername/MostShittyAV.git

# Build the scanner
nimble build

# Scan a file
.\nim_antimalware_sim.exe scan <file>

# Try your first challenge!
# Edit a script to bypass signature detection
```
Browse the Challenges to begin, or check the Architecture page to understand the scanner internals.