Influx Posted January 3, 2009 Posted January 3, 2009 I wanted to make an anti virus application in autoit. I was wondering if anyone knows where i could find a list of malicious signatures(peices of binary taken out of malicious applications)
herewasplato Posted January 3, 2009 Posted January 3, 2009 (edited) I wanted to make an anti virus application in autoit.I was wondering if anyone knows where i could find a list of malicious signatures(peices of binary taken out of malicious applications)AV tools have been moving away from signature based comparisons for years now.No - I don't know where you could get such a list for free.Edit: Here is a link that I did not immediately find for this post/thread:http://www.securityfocus.com/news/11531 2.5 hours - Wow! Edited January 3, 2009 by herewasplato [size="1"][font="Arial"].[u].[/u][/font][/size]
Influx Posted January 3, 2009 Author Posted January 3, 2009 thanks for the link, anyone else have any idea. also i am trying to make a php based version, but it wont give me a hit here is the code: <?php $filename = $_GET['FILE']; $handle = fopen($filename, "r"); $contents = fread($handle, filesize($filename)); fclose($handle); $filename2 = "database.viri"; $handle2 = fopen($filename2, "r"); $database = fread($handle2, filesize($filename2)); fclose($handle2); $db = explode(";", $database); $count = count($db); $cx = 1; $count = $count - $cx; for ( $i = 0; $i <= $count; $i += 1) { $db2 = explode("=", $db[$i]); if (strstr($contents, $db2[1]) != FALSE) { ECHO '<centeR><h2>RESULTS:</h2><br><table border="1" ><tr><td><center>FILE:<font color="red">'.$filename.'</font><br>STATUS:<font color=red>INFECTED</font><br>NAME/TYPE:<font color="red">'.$db2[0].'</font></td></tr></table><br>'; break; } } ?> anyone see anythign wrong right off the bat?
Confuzzled Posted January 6, 2009 Posted January 6, 2009 Have a look at http://www.threatexpert.com/reports.aspx - hundreds an hour on some days!Somehow I suspect you have a significantly difficult task ahead of you using something like a script language, php or AutoIT.
Influx Posted January 6, 2009 Author Posted January 6, 2009 im attempting to rewrite in C++ while i write in autoit. that site only returns the MD5 of the whole file correct? so hex editing could easily change the MD5....not very accurate, or an i missing something?
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now