It's called a crypter/packer.
It encrypts the file and decrypts it at runtime moves to memory and runs it from there so av's cant scan the decrypted file.
I got bunch of them, however i wont share anything since they would get detected in 1 day as my other ones did which were public, not hard to make them undetected again though. *hint* HackHound.org *hint*
Those idiots who think there's a keylogger in the builder, (i haven't looked at this) usually the server file is inside the builder and its extracted when its built, so of course its detected.
And.. Go ahead and scan all your keyloggers and shit on virustotal, they send every suspicious file to antivirus companies and the shit will get detected within days/weeks. :wave:
btw.. NWC only has nice RATs.