I guess I'm trying not to have any spoilers here for still active boxes, so apologies if this is too vague or lacks enough detail.
So I've been doing a windows box that came out relatively recently, and, having got a shell that I wanted to upgrade, I decided to upload nc.exe onto the box(A version that has always worked for me). I did this, and found that the file would not execute.. at least, it appeared that nothing happened when executed. I also uploaded a different program as exe, which then DID work. This immediately contradicted my theory that AV was blocking me from running exe files. So I tried a couple more different 'versions' of nc.exe I had lying around (from different sources), and then one of them just worked. I don't know what the difference is between these executables, but I would absolutely love to know (I'm pretty certain it wasn't an x86 vs x64 issue, as I was using the right version for the box, and actually had tried both to no avail..). If someone has any info on this, it would be much appreciated. I have yet to examine the files closely, as I am not quite sure how to go about that yet. Thanks for reading.
EDIT: I know that msfvenom can generate shellcode using an encoder to attempt AV evasion. Is it possible then that these exe files have been somehow compiled using a related technique? This is my uneducated theory