
New Project (Malware Scanner) Heuristic + Packer Detection + Malware Detection 4 Engines


50 replies to this topic

#1 RDGMax

RDGMax

    RDGSoft products

  • Members ++
  • 94 posts

Posted 28 October 2014 - 02:12 AM

I will release soon..

A malware detector.. On-demand scanner. Portable

Scan 100 Files per Second


  • turbo420, Ravage, x58 and 2 others like this

#2 Becks

Becks

    Intermediate Member

  • Loyalist
  • 195 posts

Posted 28 October 2014 - 01:26 PM

Looks nice, but more information would be nice. How about adding a plugin system to add new pages/functions?


  • x58 likes this

#3 RDGMax

RDGMax

    RDGSoft products

  • Members ++
  • 94 posts

Posted 31 October 2014 - 08:02 PM

Anyone want to test?

Thanks



#4 Anthrax

Anthrax

    Member

  • Members +
  • 45 posts

Posted 31 October 2014 - 08:08 PM

What is it coded in? I honestly can't tell based on the GUI.



#5 RDGMax

RDGMax

    RDGSoft products

  • Members ++
  • 94 posts

Posted 31 October 2014 - 08:12 PM

What is it coded in? I honestly can't tell based on the GUI.

 

VB6 + Delphi 2009



#6 d3m

d3m

    Intermediate Member

  • Loyalist
  • 256 posts

Posted 31 October 2014 - 08:22 PM

Anyone want to test?

I want.



#7 RDGMax

RDGMax

    RDGSoft products

  • Members ++
  • 94 posts

Posted 31 October 2014 - 11:35 PM

I will finish the signature generator.. & I will give you the software to test..

Download:

thanks

Here is a video, executed in VMware with the processor at 50%

Only uses 8 MB memory


  • x58 likes this

#8 Deque

Deque

    Intermediate Member

  • Members ++
  • 124 posts
Contributor

Posted 06 November 2014 - 12:09 PM

Great project.
Did you write the detection engines yourself?
Will it be open source at some point?
Do you have any detection rate and false positive rate results?

#9 RDGMax

RDGMax

    RDGSoft products

  • Members ++
  • 94 posts

Posted 06 November 2014 - 09:44 PM

 

 

 

Great project.

Thanks Bro

Did you write the detection engines yourself?

Yes..

Will it be open source at some point?

If anyone is interested in the project.. yes

Do you have any detection rate and false positive rate results?

I will try to not get false positives..



#10 testacc

testacc

    Intermediate Member

  • Loyalist
  • 244 posts
Contributor

Posted 07 November 2014 - 02:16 PM

I'm always a fan of projects like this, too bad you use languages which I have no idea about.

Someone should start a similar project in C :)

I once did, but then left the project.. Here's what I thought of for detecting packers/crypters:

- The last section is executable
- The first section is writeable
- The raw size of the first section is 0
- Entrypoint in last section
- Any section is write & executable
- Suspicious section names (".aspack", ".adata", "UPX0", ".vmp", ".loader", ".bxpck", etc)
- Double section names
- No imports or modules (DLLs) at all
- No strings in data section
- Suspicious imports (VirtualProtect, WriteProcessMemory, LoadLibrary, etc)
- Only LoadLibrary and GetProcAddress imported
- High entropy in sections or in resource directory
- Resource directory is 40-80% of executable size

Some of those ideas are by wacked, who is also a member here.. That would of course lead to false positives, but it would be a fun project ^^


  • Hess and Deque like this
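The section-table checks from testacc's list, as an added Python example (not testacc's code and not part of RDG Malware Detector): it reads the PE32 section headers directly with `struct`, reports which indicators fire, and is run against a constructed UPX-style layout built by the hypothetical `build_pe32` helper (the sample is synthetic test input, not a real binary). The import-table and resource-directory checks from the list are left out because they need the data directories parsed as well.

```python
import math
import struct
from collections import Counter
SCN_EXECUTE, SCN_WRITE = 0x20000000, 0x80000000   # IMAGE_SCN_MEM_EXECUTE / IMAGE_SCN_MEM_WRITE (PE/COFF spec)
SUSPICIOUS_PREFIXES = (".aspack", ".adata", "upx", ".vmp", ".loader", ".bxpck")  # names from the list above

def entropy(data):
    """Shannon entropy in bits per byte (8.0 = uniformly random, 0.0 = constant or empty)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def parse_sections(pe):
    """Return (AddressOfEntryPoint, list of section dicts) from a PE32 image held in memory."""
    nt = struct.unpack_from("<I", pe, 0x3C)[0]                       # e_lfanew -> offset of "PE\0\0"
    nsect, opt_size = struct.unpack_from("<H", pe, nt + 6)[0], struct.unpack_from("<H", pe, nt + 20)[0]
    entry = struct.unpack_from("<I", pe, nt + 40)[0]                 # optional header + 16
    secs = []
    for i in range(nsect):                                           # 40-byte IMAGE_SECTION_HEADER each
        f = struct.unpack_from("<8sIIIIIIHHI", pe, nt + 24 + opt_size + 40 * i)
        secs.append({"name": f[0].rstrip(b"\0").decode("ascii", "replace"), "vsize": f[1],
                     "va": f[2], "raw": pe[f[4]:f[4] + f[3]], "chars": f[9]})
    return entry, secs

def packer_heuristics(pe, entropy_threshold=7.0):
    """Return the labels of the section-level indicators that fire on `pe` (order is fixed)."""
    entry, secs = parse_sections(pe)
    first, last = secs[0], secs[-1]
    checks = [
        (last["chars"] & SCN_EXECUTE, "last section executable"),
        (first["chars"] & SCN_WRITE, "first section writeable"),
        (not first["raw"], "first section raw size 0"),
        (last["va"] <= entry < last["va"] + max(last["vsize"], 1), "entry point in last section"),
        (any(s["chars"] & SCN_EXECUTE and s["chars"] & SCN_WRITE for s in secs), "write+execute section"),
        (any(s["name"].lower().startswith(SUSPICIOUS_PREFIXES) for s in secs), "suspicious section name"),
        (len({s["name"] for s in secs}) != len(secs), "duplicate section names"),
        (any(entropy(s["raw"]) > entropy_threshold for s in secs), "high-entropy section"),
    ]
    return [label for cond, label in checks if cond]

def build_pe32(sections, entry_rva):
    """Constructed test input (hypothetical helper): minimal PE32 from (name, va, vsize, data, chars) tuples."""
    out = bytearray(b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40))      # DOS header, e_lfanew = 0x40
    out += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, 0x102)  # COFF header
    out += struct.pack("<H14xI", 0x10B, entry_rva) + b"\0" * (224 - 20)  # optional header: magic + entry
    ptr, body = len(out) + 40 * len(sections), b""                       # raw data follows the headers
    for name, va, vsize, data, chars in sections:
        out += struct.pack("<8sIIIIIIHHI", name, vsize, va, len(data), ptr, 0, 0, 0, 0, chars)
        ptr, body = ptr + len(data), body + data
    return bytes(out + body)

PACKED_SAMPLE = build_pe32([(b"UPX0", 0x1000, 0x10000, b"", 0xE0000080),  # constructed UPX-style layout
                            (b"UPX1", 0x11000, 0x2000, bytes(range(256)) * 8, 0xE0000040)], 0x11200)
```

`packer_heuristics(PACKED_SAMPLE)` fires seven of the eight checks (everything except duplicate names), while a plain .text/.data layout with low-entropy contents fires none; as the post says, each indicator alone is weak and several legitimate Delphi or protected binaries will still trip the W+X and entropy checks.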

#11 RDGMax

RDGMax

    RDGSoft products

  • Members ++
  • 94 posts

Posted 03 December 2014 - 06:35 PM

Auto Signature generator added.
  • Pongi likes this

#12 CertD

CertD

    Member

  • Members +
  • 13 posts

Posted 03 December 2014 - 11:41 PM

Do you plan to parse every executable file manually?)

Better try to train a neural network and let it parse the files.



#13 RDGMax

RDGMax

    RDGSoft products

  • Members ++
  • 94 posts

Posted 03 December 2014 - 11:55 PM

This is a malware detector. On-demand scanner.. portable

for technicians..



#14 RDGMax

RDGMax

    RDGSoft products

  • Members ++
  • 94 posts

Posted 04 December 2014 - 02:50 AM

Beta Version Ready for download..

www.rdgsoft.net/downloads/RDG.Malware.Detector.2014.zip

reviews?

thanks


  • alex220247 and Hess like this

#15 Hess

Hess

    Intelligence Service

  • Loyalist
  • 3,549 posts
  • LocationBelgrade
Contributor

Posted 04 December 2014 - 08:53 AM

This tool is quite good, yet it needs more work too. :) A quick memory scan has revealed more PUP objects than I could think of, MBAM detects them also. :) Other ones are just protected or packed legit files, but in terms of potential malware objects, it comes in handy too. It also caught ad blocking processes, but they're supposed to be there. :) In short: This tool is quite good for detecting unknown processes on computers that I don't own, plus, adding the RDG Packer Detector engine will also come in handy in it, preventing it from killing and deleting legit files. Adding signatures on your own is good, so you can whitelist / blacklist custom processes that are unknown, and adding the VT API will be good also. :) In the form of a technician portable app, it has quite a good future. :)



#16 BSKO

BSKO

    Member

  • Members ++
  • 38 posts
  • LocationSarajevo

Posted 04 December 2014 - 11:23 AM

Can you give more info about it? How does it work? For some strange reason you wrote the GUI in VB6 and the DLLs in Delphi? Why not make the GUI in Delphi? It would be much better and you would have more control over it.



#17 RDGMax

RDGMax

    RDGSoft products

  • Members ++
  • 94 posts

Posted 04 December 2014 - 11:43 AM

I added 100,000 signatures to test scanning speed.. the exploration speed is very good.

The engine was coded in 72 hours.

The auto signature maker will decide the best signature.

The packer database is very light. It only includes 2 signatures: UPX and PECompact.

If you disable the heuristic option.. I think you will get 0 false positive detections.


Edited by RDGMax, 04 December 2014 - 11:47 AM.


#18 CertD

CertD

    Member

  • Members +
  • 13 posts

Posted 04 December 2014 - 12:02 PM

Scan speed seems very nice, but some false positives:

Seems like any Delphi app looks like Packer/Cryptor

And I can't select any files on disks, just the My Documents folder is available:



#19 RDGMax

RDGMax

    RDGSoft products

  • Members ++
  • 94 posts

Posted 04 December 2014 - 12:23 PM

I forgot to activate the digital signature detector.. What OS are you using, CertD?



#20 CertD

CertD

    Member

  • Members +
  • 13 posts

Posted 04 December 2014 - 12:51 PM

Win 7 x32