Influx, posted January 3, 2009:

I wanted to make an antivirus application in AutoIt. I was wondering if anyone knows where I could find a list of malicious signatures (pieces of binary taken out of malicious applications).

herewasplato, posted January 3, 2009 (edited January 3, 2009):

> I wanted to make an antivirus application in AutoIt. I was wondering if anyone knows where I could find a list of malicious signatures (pieces of binary taken out of malicious applications).

AV tools have been moving away from signature-based comparisons for years now.

No - I don't know where you could get such a list for free.

Edit: Here is a link that I did not immediately find for this post/thread: http://www.securityfocus.com/news/11531

2.5 hours - Wow!

Influx, posted January 3, 2009:

Thanks for the link. Anyone else have any idea? Also, I am trying to make a PHP-based version, but it won't give me a hit. Here is the code:

```php
<?php
// Read the file to scan (path taken from the FILE query parameter)
$filename = $_GET['FILE'];
$handle = fopen($filename, "r");
$contents = fread($handle, filesize($filename));
fclose($handle);

// Read the signature database
$filename2 = "database.viri";
$handle2 = fopen($filename2, "r");
$database = fread($handle2, filesize($filename2));
fclose($handle2);

// Entries are separated by ";", each entry is name=signature
$db = explode(";", $database);
$count = count($db);
$cx = 1;
$count = $count - $cx;
for ( $i = 0; $i <= $count; $i += 1) {
    $db2 = explode("=", $db[$i]);
    if (strstr($contents, $db2[1]) != FALSE) {
        ECHO '<centeR><h2>RESULTS:</h2><br><table border="1" ><tr><td><center>FILE:<font color="red">'.$filename.'</font><br>STATUS:<font color=red>INFECTED</font><br>NAME/TYPE:<font color="red">'.$db2[0].'</font></td></tr></table><br>';
        break;
    }
}
?>
```

Anyone see anything wrong right off the bat?

Confuzzled, posted January 6, 2009:

Have a look at http://www.threatexpert.com/reports.aspx - hundreds an hour on some days!

Somehow I suspect you have a significantly difficult task ahead of you using something like a script language, PHP or AutoIt.

Influx, posted January 6, 2009:

I'm attempting to rewrite in C++ while I write in AutoIt. That site only returns the MD5 of the whole file, correct? So hex editing could easily change the MD5... not very accurate, or am I missing something?

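The signature lookup from Influx's PHP post and the whole-file MD5 question above, as an added example that is not code from any poster in this thread: it parses the same `name=signature;` layout, skips empty or malformed entries, and runs the lookup and an MD5 comparison on two constructed buffers that differ by one byte. The hex encoding of signatures and the names `load_signatures` and `scan_bytes` are assumptions, and the input is scanned as bytes in memory rather than opened from a request-supplied path.

```php
<?php
// Added example, not the poster's code. Assumption: signatures in the
// "name=signature;" database are hex-encoded, so raw ';' or '=' bytes
// inside a signature cannot split an entry.

function load_signatures(string $raw): array
{
    $sigs = [];
    foreach (explode(';', $raw) as $entry) {
        $parts = explode('=', trim($entry), 2);   // trim newlines between entries
        if (count($parts) !== 2) {
            continue;                             // empty tail after last ';' or no '='
        }
        [$name, $hex] = $parts;
        if ($hex === '' || strlen($hex) % 2 !== 0 || !ctype_xdigit($hex)) {
            continue;                             // skip empty or non-hex signatures
        }
        $sigs[trim($name)] = hex2bin($hex);
    }
    return $sigs;
}

// Returns the name of the first signature found in $contents, or null.
function scan_bytes(string $contents, array $sigs): ?string
{
    foreach ($sigs as $name => $bytes) {
        // strpos() returns 0 for a match at offset 0, so test with !== false
        if (strpos($contents, $bytes) !== false) {
            return (string) $name;
        }
    }
    return null;
}

// Constructed sample data: harmless marker bytes, not real malware signatures.
$sigs = load_signatures("Test.MarkerA=deadbeef0102;\nTest.MarkerB=00cafe;\n");

$original = "\xDE\xAD\xBE\xEF\x01\x02 rest of a constructed file";
$edited   = $original . "\x00";                  // one byte appended

// Byte-signature lookup on both copies, then the whole-file MD5 comparison.
var_dump(scan_bytes($original, $sigs));
var_dump(scan_bytes($edited, $sigs));
var_dump(md5($original) === md5($edited));
```

Both buffers report the same signature name while their MD5 values differ, which is the difference between a byte-pattern match and a whole-file hash that the last post asks about.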