Determine AV Signature

The constant threat: viruses, trojans, spyware, ... the list goes on

Post by DSpin on Wed Sep 16, 2009 12:11 am

Hi all,
I am currently working on a project to automate the process of working out what the virus signature of a file is. This will be useful for me in my work so that I can actually get Netcat onto a machine without whatever AV the client is using killing it off my USB stick. Now I know there are implementations of Netcat out there that don't get picked up as often, but it is not just Netcat that I want this for. And yes, I know that there are packers and encryptors and the like out there to evade antivirus, but to me that seems like a soft option. So I am going to go along the route of brute force hex editing (as talked about here: http://packetstormsecurity.org/papers/virus/Taking_Back_Netcat.pdf). When it finds out what section of code it is, it will tell me; I can then debug and modify that section and recompile.

So here is my issue. I want to work out a 'hands-free' way to trigger a scan of a file using whatever AV is available so that the whole process can be automated. The problem is getting feedback from the AV. Some will not allow it to execute, some will delete it, some will ... I don't know. So any pointers here would be appreciated.

PS Also, if I am wasting my time and there is a perfectly good tool out there already that I have been unable to find, please let me know (either here or by PM).

Thanks

DSpin


Re: Determine AV Signature

Post by thedotmaster on Wed Sep 23, 2009 9:28 am

What?! Since when is there something wrong with Netcat??
Jeez, some AV providers are paranoid.


