Treffer: Legacy Code, Live Risk: Empirical Evidence of Malware Detection Gaps.

Consistent detection of malicious loaders across varied programming languages and build tools remains a significant cybersecurity challenge. This study empirically measures how compiler and language choices affect the detectability of standard in-memory Windows loaders. We implement functionally equivalent loaders (allocate, copy, protect, execute) in C, C#, Fortran, and COBOL, embedding an identical x64 test payload to isolate behavior. Our results reveal significant detection gaps: loaders compiled in legacy languages (Fortran, COBOL) consistently evade static and dynamic antivirus engines that easily flag their C and C# counterparts. We demonstrate this evasion is not due to behavioral differences, but to compiler-specific static artifacts. These artifacts, such as interleaved zero-bytes in Fortran and fragmented payload-construction logic in COBOL, effectively break common signature matching. These findings indicate that many detection tools are overly sensitive to the static build surface rather than true semantic behavior. We provide actionable guidance favoring behavior-focused analysis, such as tracking API call order and memory protection changes, to address this critical legacy code blind spot. [ABSTRACT FROM AUTHOR]

Copyright of Applied Sciences (2076-3417) is the property of MDPI and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)