In this method we will be exploiting the time deadline of AV products. In most cases AV scanners are being designed for end user, they need to be user friendly and suitable for daily usage this means they can’t spend too much time for scanning files they need to scan files as quickly as possible. At first malware developers used “sleep()” function for waiting until the scan complete, but nowadays this trick almost never works, every AV product skips the sleep function when they encountered one. We will use this against them , below code uses a win API function called “GetThickCount()” this function “Retrieves the number of milliseconds that have elapsed since the system was started, up to days.” we will use it to get the time passed since OS booted, then try to sleep 1 second, after sleep function we will check weather sleep function is skipped or not by comparing the two GetTickCout() value.
The next scene shows Pulaski kicking a grounded Pendelbury, who is being assaulted for threatening to expose Tenpenny and Pulaski's illegal activities. Tenpenny orders Hernandez over to him. Tenpenny picks up a gun and then orders Hernandez to shoot Pendelbury. Hernandez pleads with Tenpenny not to make him do it. Tenpenny questions Hernandez's loyalty and asks him who's side he's on. Hernandez says he's on Tenpenny's side, to which Tenpenny tells him to be a man. Tenpenny then tells Hernandez that it's either kill or be killed. Hernandez grabs the gun and walks over to Pendelbury. Pulaski orders him to pull the trigger. Hernandez hesitates but finally shoots Pendelbury, killing him.