I will release soon..
A malware detector.. On-demand scanner. Portable.
Scans 100 files per second
Posted 28 October 2014 - 01:26 PM
Looks nice, but more information would be nice. How about adding a plugin system to add new pages/functions?
Posted 31 October 2014 - 08:02 PM
Anyone want to test?
Thanks
Posted 31 October 2014 - 08:08 PM
What is it coded in? I honestly can't tell based on the GUI.
Posted 31 October 2014 - 08:22 PM
Quote
Anyone want to test?
I want.
Posted 31 October 2014 - 11:35 PM
I will finish the signature generator.. & I will give you the software to test..
Download:
thanks
Here is a video, executed in VMware with the processor at 50%.
Only uses 8MB of memory
Posted 06 November 2014 - 12:09 PM
Posted 06 November 2014 - 09:44 PM
Deque, on 06 Nov 2014 - 11:09 AM, said:
Great project.
Thanks Bro
Did you write the detection engines yourself?
Yes,,
Will it be open source at some point?
If anyone is interested in the project.. yes
Do you have any detection rate and false positive rate results?
I will try not to get false positives..
Posted 07 November 2014 - 02:16 PM
I'm always a fan of projects like this, too bad you use languages which I have no idea about.
Someone should start a similar project in C.
I once did, but then left the project.. Here's what I thought of for detecting packers/crypters:
Quote
- The last section is executable
- The first section is writeable
- The raw size of the first section is 0
- Entrypoint in last section
- Any section is write & executable
- Suspicious section names (".aspack", ".adata", "UPX0", ".vmp", ".loader", ".bxpck", etc)
- Double section names
- No imports or modules (DLLs) at all
- No strings in data section
- Suspicious Imports (VirtualProtect, WriteProcessMemory, LoadLibrary, etc)
- Only LoadLibrary and GetProcAddress imported
- High entropy in sections or in resource directory
- Resource directory is 40-80% of executable size
Some of those ideas are by wacked, who is also a member here.. That would of course lead to false positives, but it would be a fun project ^^
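The heuristics in the list above are easy to turn into a scoring routine. The following is an added example (not code from the thread or from the RDG tool); it assumes a simplified PE model whose fields a real PE parser would fill in, and it runs the checks over two constructed samples: one shaped like a normal application and one shaped like a UPX-style packed file. The section names, import names and entropy threshold are taken from the post or are labelled assumptions.

```python
"""Packer/crypter heuristics over a simplified PE model (added example, not the thread's code)."""
import math
import random
import re
from dataclasses import dataclass

# Section characteristic bits from the PE/COFF spec (IMAGE_SCN_*).
CNT_CODE, CNT_INIT_DATA, CNT_UNINIT_DATA = 0x20, 0x40, 0x80
MEM_EXECUTE, MEM_READ, MEM_WRITE = 0x20000000, 0x40000000, 0x80000000

# Names and APIs from the post; the sets are illustrative, not exhaustive.
SUSPICIOUS_NAMES = {".aspack", ".adata", "UPX0", "UPX1", ".vmp0", ".vmp1", ".loader", ".bxpck"}
SUSPICIOUS_IMPORTS = {"VirtualProtect", "WriteProcessMemory", "LoadLibraryA", "LoadLibraryW"}
LOADER_ONLY = {"LoadLibraryA", "LoadLibraryW", "GetProcAddress"}
HIGH_ENTROPY = 7.0  # assumed threshold in bits per byte (8.0 is the maximum)


@dataclass
class Section:
    name: str
    virtual_address: int  # RVA
    virtual_size: int
    raw_size: int         # SizeOfRawData
    characteristics: int
    data: bytes = b""     # raw bytes, used for the entropy and string checks


@dataclass
class PEModel:
    """Only the fields the heuristics need; a parser such as pefile would fill them."""
    sections: list
    entry_point: int   # AddressOfEntryPoint (RVA)
    imports: dict      # dll name -> list of imported function names
    resource_size: int
    file_size: int


def shannon_entropy(data: bytes) -> float:
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def contains_rva(sec: Section, rva: int) -> bool:
    return sec.virtual_address <= rva < sec.virtual_address + max(sec.virtual_size, sec.raw_size)


def packer_heuristics(pe: PEModel) -> list:
    """Return the names of every heuristic from the post that fires on this model."""
    flags, secs = [], pe.sections
    if not secs:
        return ["no sections"]
    first, last = secs[0], secs[-1]
    if last.characteristics & MEM_EXECUTE:
        flags.append("last section executable")
    if first.characteristics & MEM_WRITE:
        flags.append("first section writeable")
    if first.raw_size == 0:
        flags.append("first section raw size 0")
    if contains_rva(last, pe.entry_point):
        flags.append("entry point in last section")
    if any(s.characteristics & MEM_WRITE and s.characteristics & MEM_EXECUTE for s in secs):
        flags.append("write+execute section")
    if any(s.name in SUSPICIOUS_NAMES for s in secs):
        flags.append("suspicious section name")
    names = [s.name for s in secs]
    if len(names) != len(set(names)):
        flags.append("duplicate section names")
    all_imports = {f for funcs in pe.imports.values() for f in funcs}
    if not all_imports:
        flags.append("no imports")
    elif all_imports <= LOADER_ONLY:
        flags.append("only LoadLibrary/GetProcAddress imported")
    if all_imports & SUSPICIOUS_IMPORTS:
        flags.append("suspicious imports")
    # "Data section" here means initialised, non-executable sections; a printable run of 4+ bytes counts as a string.
    data_secs = [s for s in secs if s.characteristics & CNT_INIT_DATA and not s.characteristics & MEM_EXECUTE]
    if not any(re.search(rb"[\x20-\x7e]{4,}", s.data) for s in data_secs):
        flags.append("no strings in data section")
    if any(shannon_entropy(s.data) > HIGH_ENTROPY for s in secs):
        flags.append("high entropy section")
    if pe.file_size and 0.4 <= pe.resource_size / pe.file_size <= 0.8:
        flags.append("resource directory 40-80% of file")
    return flags


def _pseudo_random(n: int, seed: int = 7) -> bytes:
    # Deterministic high-entropy bytes: a constructed stand-in for compressed code.
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(n))


# Constructed sample 1: layout of an ordinary compiled program.
PLAIN_APP = PEModel(
    sections=[
        Section(".text", 0x1000, 0x2000, 0x2000, CNT_CODE | MEM_EXECUTE | MEM_READ, b"\x55\x8b\xec\x83\xec\x10" * 256),
        Section(".data", 0x3000, 0x1000, 0x1000, CNT_INIT_DATA | MEM_READ | MEM_WRITE, b"Hello, world!\x00settings.ini\x00" + b"\x00" * 64),
        Section(".rsrc", 0x4000, 0x800, 0x800, CNT_INIT_DATA | MEM_READ),
    ],
    entry_point=0x1200,
    imports={"KERNEL32.dll": ["CreateFileW", "ReadFile", "CloseHandle"], "USER32.dll": ["MessageBoxW"]},
    resource_size=0x800, file_size=0x5000)

# Constructed sample 2: UPX-style layout (empty first section, entry point and packed code in the last one).
PACKED_APP = PEModel(
    sections=[
        Section("UPX0", 0x1000, 0x10000, 0, CNT_UNINIT_DATA | MEM_READ | MEM_WRITE | MEM_EXECUTE),
        Section("UPX1", 0x11000, 0x5000, 0x5000, CNT_INIT_DATA | MEM_READ | MEM_WRITE | MEM_EXECUTE, _pseudo_random(4096)),
    ],
    entry_point=0x15000,
    imports={"KERNEL32.DLL": ["LoadLibraryA", "GetProcAddress"]},
    resource_size=0, file_size=0x5400)

if __name__ == "__main__":
    for label, model in (("plain", PLAIN_APP), ("packed", PACKED_APP)):
        print(label, packer_heuristics(model))
```

Each heuristic contributes one flag, so the caller decides how many flags justify a "packed" verdict; as the post notes, any single one of them fires on legitimate files too (Delphi and many installers trip the entropy and import checks), which is why the flags are reported individually rather than collapsed into a yes/no.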
Posted 03 December 2014 - 06:35 PM
Auto Signature generator added.
Posted 03 December 2014 - 11:41 PM
Do you plan to parse every executable file manually? :)
Better to train a neural network and let it parse the files.
Posted 03 December 2014 - 11:55 PM
This is a malware detector. On-demand scanner.. portable,
for technicians..
Posted 04 December 2014 - 02:50 AM
Beta Version Ready for download..
www.rdgsoft.net/downloads/RDG.Malware.Detector.2014.zip
reviews?
thanks
Posted 04 December 2014 - 08:53 AM
This tool is quite good, yet it needs more work too. A quick memory scan revealed more PUP objects than I could think of; MBAM detects them also.
The other ones are just protected or packed legit files, but in terms of potential malware objects it comes in handy too. It also caught ad-blocking processes, but they're supposed to be there.
In short: this tool is quite good for detecting unknown processes on computers that I don't own. Adding the RDG Packer Detector engine will also come in handy, preventing it from killing and deleting legit files. Adding signatures on your own is good, so you can whitelist/blacklist custom processes that are unknown, and adding a VT API will be good also.
In the form of a technician's portable app, it has quite a good future.
Posted 04 December 2014 - 11:23 AM
Can you give more info about it? How does it work? For some strange reason you wrote the GUI in VB6 and the DLLs in Delphi? Why not make the GUI in Delphi; it would be much better and you would have more control over it.
Posted 04 December 2014 - 11:43 AM
I added 100,000 signatures to test scanning speed.. the exploration speed is very good.
The engine was coded in 72 hours.
The auto signature maker will decide the best signature.
The packer database is very light; it only includes 2 signatures: UPX and PECompact.
If you disable the heuristic option.. I think you will get 0 false positive detections.
Edited by RDGMax, 04 December 2014 - 11:47 AM.
Posted 04 December 2014 - 12:02 PM
Scan speed seems very nice, but some false positives:
Seems like any Delphi app looks like Packer/Cryptor,
and I can't select any files on disks, just the My Documents folder is available:
Posted 04 December 2014 - 12:23 PM
I forgot to activate the digital signature detector.. what OS are you using?
Certd
Posted 04 December 2014 - 12:51 PM
Win 7 x32