Influx

List of virus signatures

5 posts in this topic

I wanted to make an antivirus application in AutoIt.

I was wondering if anyone knows where I could find a list of malicious signatures (pieces of binary taken out of malicious applications).


#2 ·  Posted (edited)

I wanted to make an antivirus application in AutoIt.

I was wondering if anyone knows where I could find a list of malicious signatures (pieces of binary taken out of malicious applications).

AV tools have been moving away from signature based comparisons for years now.

No - I don't know where you could get such a list for free.

Edit: Here is a link that I did not immediately find for this post/thread:

http://www.securityfocus.com/news/11531

2.5 hours - Wow!

Edited by herewasplato


Thanks for the link, anyone else have any idea? Also I am trying to make a PHP-based version, but it won't give me a hit.

here is the code:

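<?php
// Path of the file to scan. This value is user-controlled, so confine it
// to a known directory before exposing the script.
$filename = isset($_GET['FILE']) ? $_GET['FILE'] : '';
if (!is_string($filename) || !is_file($filename)) {
    exit('File not found');
}
// Read the target and the signature database as raw bytes.
$contents = file_get_contents($filename);
// database.viri holds "name=signature" entries separated by ";".
$database = file_get_contents("database.viri");
foreach (explode(";", $database) as $entry) {
    $db2 = explode("=", $entry, 2);
    // Skip empty or malformed entries, such as the one after the last ";".
    if (count($db2) < 2 || rtrim($db2[1], "\r\n") === '') {
        continue;
    }
    $name = trim($db2[0]);
    $signature = rtrim($db2[1], "\r\n"); // drop a trailing line break only
    // Strict comparison: a match must never be mistaken for FALSE.
    if (strpos($contents, $signature) !== false) {
        // Escape both values before writing them into the HTML page.
        echo '<center><h2>RESULTS:</h2><br><table border="1"><tr><td><center>FILE:<font color="red">'.htmlspecialchars($filename).'</font><br>STATUS:<font color="red">INFECTED</font><br>NAME/TYPE:<font color="red">'.htmlspecialchars($name).'</font></center></td></tr></table></center><br>';
        break;
    }
}
?>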

Anyone see anything wrong right off the bat?


Have a look at http://www.threatexpert.com/reports.aspx - hundreds an hour on some days!

Somehow I suspect you have a significantly difficult task ahead of you using something like a script language, php or AutoIT.


I'm attempting to rewrite in C++ while I write in AutoIt.

That site only returns the MD5 of the whole file, correct? So hex editing could easily change the MD5... not very accurate, or am I missing something?

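Added example, not part of any post in this thread: the difference raised above between a whole-file MD5 lookup and a byte-pattern signature, shown on two constructed byte strings that differ by one byte. The hex-encoded "name=hexbytes;" database format, the function names and the marker string are assumptions made for this illustration.

```php
<?php
// Added example: whole-file MD5 lookup versus byte-pattern matching.
// All names, signatures and sample bytes below are constructed.

/** Parse "name=hexbytes;" entries into [name => raw byte pattern]. */
function load_signatures(string $db): array {
    $sigs = [];
    foreach (explode(';', $db) as $entry) {
        $parts = explode('=', trim($entry), 2);
        if (count($parts) < 2 || !ctype_xdigit($parts[1]) || strlen($parts[1]) % 2) {
            continue; // skip blank or malformed entries
        }
        $sigs[trim($parts[0])] = hex2bin($parts[1]);
    }
    return $sigs;
}

/** Return the name of the first pattern found in $data, or null. */
function match_pattern(string $data, array $sigs): ?string {
    foreach ($sigs as $name => $pattern) {
        if (strpos($data, $pattern) !== false) {
            return $name;
        }
    }
    return null;
}

/** Return the name recorded for the exact MD5 of $data, or null. */
function match_hash(string $data, array $hashes): ?string {
    return $hashes[md5($data)] ?? null;
}

// Constructed sample: a harmless marker string stands in for a signature.
$marker   = "EXAMPLE-MARKER-1234";
$original = "MZ" . str_repeat("\x00", 16) . $marker . "padding";
$edited   = "MZ" . str_repeat("\x00", 16) . $marker . "pAdding"; // one byte changed

$sigs   = load_signatures("Test.Marker=" . bin2hex($marker) . ";\n");
$hashes = [md5($original) => "Test.Marker"];

foreach (['original' => $original, 'edited' => $edited] as $label => $data) {
    printf("%-8s hash: %-11s pattern: %s\n", $label,
        match_hash($data, $hashes) ?? 'no hit',
        match_pattern($data, $sigs) ?? 'no hit');
}
```

The hash lookup only recognises the exact bytes it was computed from, while the pattern match keeps working as long as the bytes covered by the pattern are unchanged. Note that the database entries are decoded with hex2bin() before comparison; comparing hex text against raw file contents never matches.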
