win32 api detects:
nt/zw api's in x3.xem
Also try removing PE header.
Dunno if this will help, I have no experience in the actual making of a bypass.
Code:
MessageBox GetAsyncKeyState
Code:
NtQueryInformationProcess NtQueryVirtualMemory NtReadVirtualMemory NtQueryInformationThread NtCreateFile NtReadFile NtOpenFile NtQueryInformationFile NtSetInformationFile NtWaitForSingleObject NtTerminateProcess NtWow64QueryInformationProcess64 NtWow64QueryVirtualMemory64 NtWow64ReadVirtualMemory64 ZwOpenDirectoryObject ZwQueryDirectoryObject ZwClose LookupPrivilegeValueW AdjustTokenPrivileges OpenProcessToken SeDegubPrivileges
Dunno if this will help, I have no experience in the actual making of a bypass.