Which tactic involves compiling malware from source and choosing different compiler options to avoid AV detection?

Study material for the SANS560 GIAC Penetration Tester (GPEN) exam: flashcards and multiple-choice questions, each with hints and an explanation.

Multiple Choice

Which tactic involves compiling malware from source and choosing different compiler options to avoid AV detection?

Explanation:
This question targets the idea of evading antivirus by altering the malware's binary fingerprint through customized builds. By compiling from source and changing compiler options (different optimization levels, linked libraries, or even a different compiler), each build can produce a distinct executable from the same source. Antivirus signatures and hashes are often tied to a specific binary layout and byte sequence, so changing how the code is compiled changes those fingerprints and can help the sample slip past simple, signature-based detections. This is why building the malware with custom compilation settings is the correct answer. Encoding the payload tries to hide its content but does not inherently change the executable's overall fingerprint in the same way; social engineering targets the user rather than the binary; and "ghost writing" is not a standard term for this tactic.

