rcmaehl

File Detection and Threading/Child Processes

2 posts in this topic

#1 ·  Posted (edited)

Well, I'm making an Anti-Malware program. However, since I'm a smart computer user and also primarily a Linux user, I have no viruses that I can use for the program definitions, and it would take me a long while (can't find any good torrents at the moment, although I could just ask 4chan now that I think about it :) ), so can you guys link me to some VirusTotal results for malware?

So far my Anti-Malware program detects the following:

For Linux: forkbombs (in Python, bash, sh), anything that contains 'rm -rf /' and variants, everything from Windows

For Windows: autorun.inf (risky), forkbombs (in AutoIt, Python, batch), anything with 'Format /x C:' and variants, unprotected Administrator accounts

If all else fails I'll just have the AV program go by a whitelist.

Also what's the best way to compare files? MD5/SHA1/SHA256/etc?

Now for the AutoIt related part:

If I have a script calling multiple child processes one after another, having it read the Stdout of each child process to let me bypass RunWait, and having the child process use an exit code instead of writing to Stdout, thus allowing multiple child processes at once: what's the best way (or a way) to make sure all the child processes terminated and to launch another child process so that the number of child processes is always the same (until I don't need it to be), while still being able to determine if a child process did not write to Stdout for some reason (and relaunch the child process that didn't write to Stdout)?

Chart:

+Parent
    +Child One   -> Stdout <- Parent Reads
    +Child Two   -> Stdout <- Parent Reads
    +Child Three -> Stdout <- Parent Reads
    +Child Four  -> Stdout <- Parent Reads
    +Child Five  -> Stdout <- Parent Reads

EDIT: Removed a derp I had for a second about forgetting discussing malware was not allowed.

Edited by rcmaehl

My UDFs are generally for me. If they aren't updated for a while, it means I'm not using them myself. As soon as I start using them again, they'll get updated.

MY PROJECTS


Active: IRC UDF, WindowEx UDF
Discontinued: GithubBubbleSort UDF
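One way to keep a fixed number of children running, collect each one's stdout, and relaunch any child that exits without writing anything, as an added example rather than the poster's code. It assumes a stand-in worker ($sWorker, a one-line AutoIt command that prints "done", run by AutoIt3.exe rather than a compiled script), a relaunch cap ($iMaxRetries) and a job counter ($iJobsLeft), none of which come from the thread.

```autoit
#include <AutoItConstants.au3>   ; $STDOUT_CHILD
; Added example (not the poster's code): fixed-size pool of child processes.
; Each slot is relaunched when its child finishes; a child that exits without
; output is retried up to $iMaxRetries times so the pool size stays constant.
Global Const $iPoolSize = 5        ; children kept running at all times
Global Const $iMaxRetries = 3      ; relaunches allowed for a silent child
Global Const $sWorker = '"' & @AutoItExe & '" /AutoIt3ExecuteLine "ConsoleWrite(''done'' & @CRLF)"'
Global $aPid[$iPoolSize], $aOut[$iPoolSize], $aRetry[$iPoolSize]
Global $iJobsLeft = 12             ; jobs to run before the pool may drain
For $i = 0 To $iPoolSize - 1
    _Launch($i)
Next
While True
    Local $bAlive = False
    For $i = 0 To $iPoolSize - 1
        If $aPid[$i] = 0 Then ContinueLoop
        $aOut[$i] &= StdoutRead($aPid[$i])
        ; @error is set only once the child has exited and its pipe is drained
        If @error Then
            If StringStripWS($aOut[$i], 3) = "" Then
                $aRetry[$i] += 1
                ConsoleWrite("pid " & $aPid[$i] & " wrote nothing (try " & $aRetry[$i] & ")" & @CRLF)
                If $aRetry[$i] < $iMaxRetries Then
                    _Launch($i)    ; same slot, same job: pool size unchanged
                Else
                    $aPid[$i] = 0  ; give up on this slot
                EndIf
            Else
                ConsoleWrite("pid " & $aPid[$i] & " -> " & StringStripWS($aOut[$i], 3) & @CRLF)
                $iJobsLeft -= 1
                $aRetry[$i] = 0
                If $iJobsLeft > 0 Then
                    _Launch($i)    ; start the next job in the freed slot
                Else
                    $aPid[$i] = 0  ; no work left, let the slot drain
                EndIf
            EndIf
        EndIf
        If $aPid[$i] Then $bAlive = True
    Next
    If Not $bAlive Then ExitLoop   ; every slot idle: all jobs finished
    Sleep(50)
WEnd
Func _Launch($iSlot)
    $aOut[$iSlot] = ""
    $aPid[$iSlot] = Run($sWorker, @ScriptDir, @SW_HIDE, $STDOUT_CHILD)
    If @error Then $aPid[$iSlot] = 0   ; launch failed, slot stays empty
EndFunc
```

If the children signal results by exit code instead of stdout, the same loop works by replacing the StdoutRead/@error check with ProcessExists($aPid[$i]) and reading the code from a ProcessWaitClose-style wrapper.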



Well, I'm making an Anti-Malware program. However, since I'm a smart computer user and also primarily a Linux user, I have no viruses that I can use for the program definitions, and it would take me a long while (can't find any good torrents at the moment, although I could just ask 4chan now that I think about it :) ), so can you guys link me to some VirusTotal results for malware?

I've tried the same. I made a post about how I could get some malware hashes etc.; one of the MVPs or mods pointed out an API VirusTotal has where you can submit a file and retrieve the results, but that's very limited and very time consuming. ClamAV is open source; the best you can do is find out how it detects malware and implement its shit in AutoIt. I haven't looked at it, so I'm not sure how or where it obtains definitions or if it even uses them, but if it does, maybe you can use them from AutoIt. At least that's the way I thought about it, but I abandoned the idea after a while.


Things that I've done:

Icon Resource Editor: icon resource editor 

AutoIt Piano: a piano

AutoIt Unlocker: unlocks files when you want to delete them

Colorful tooltips: a wrapper for the tool tips UDF

Rouge GoogleBot: a full screen animation

ASciTE text editor: a text editor written in autoit

Warning: Posts by this user are subject to change or may disappear without notice.
