So starting off this will just be an announcement thread and I'll update a changelog frequently of how the projects currently doing.
The program is currently VERY alpha, however the core functionality is there.
- RunPE Detector: Compares sections of process module and it's host, if there's more than 5 it's likely a RunPE, thus it kills the process
- Win32 API Hooking: This feature allows real time detections, as process are created they are scanned, same goes for files
- Adobe Malware Classifier: This is the incorporation of Adobe's Malware Classifier script, written in python it's the core of the Malware Analysis
- In Depth Settings: Pretty much everything is customizable, you'll be able to set everything to where you feel it should be
- Bulk File Scanning: Chose singular files to scan, or scan whole directories!
- Right click menu integration: Right click on files to scan them on the fly!
- VirusCheckMate.com integration
- Better RunPE detection (aside section mismatches)
- Thread Hijacking to kill protected processes
- Not a shitty GUI
- Plugins? (MAYBE)
I'll answer any questions or comments you guys have, if you have any suggestions I'd like to hear them!
So I've begun working on a not ugly GUI, it actually looks quite nice, I've used Google's Material Skin it's animated.
I've successfully upgraded out RunPE scanning, we can now inspect 64 bit processes, however I have allot more calibration ahead of me as allot of
system processes are detected as RunPE's because that's effectively what they're doing, it's the same as having VS debug, it's hosting the real
application, and thus has allot of mismatched headers, so for now, I'll just get detections down, even if it's a system process and deal with sorting
out which ones to kill later.
x64 process scanning has been removed and will not be added back in for the current foreseeable future.
New video demo of memory scanning
GUI Update :^)
--MOTHER OF UPDATES--
HOO BOY YOU'RE GONNA WANNA SIT DOWN FOR THIS ONE
Ok, so a lot's happened lately and while I haven't changed much on the note of the program this is worth of an update as things are going to take a turn from where they were originally headed.
So, first off, I've partnered up with 2 other users that will massively improve SkyAV, I won't name them, they can post here if they want it to be known.
With these 2 users, one will be coding the program alongside me, this user will also take care of all web related processes of the program.
We'll be commercializing the product, so sorry for all that were banking on getting the source, I may still be releasing parts of it as I go along however.
The program will still be free to use, but many of the features will be premium, and these premium features will come as monthly fees, we have yet to decide the pricing.
We'll be implementing a full blown Heuristics Engine that the user and I will be coding from scratch, we will be implementing methods of submitting files to be scanned by hand.
Most of the AV will be handled server side via LiteCode and a few other tricks I have up my sleeve. However with this big update comes a lot of opportunity. As doing this
will allow me to spend a lot more time on the project. As always I'll be keeping this thread updated on it's status. We'll be needing beta testers eventually so keep an eye
out for that, alongside the fact that we will be needing to build our signatures database, so eventually I'll be putting in place some system that will reward you
for submitting a file you know to be malicious that our Heuristics Engine isn't detecting. I have yet to decide what the reward will be, money, btc, subscription time, etc.
I look forward to hearing your thoughts!
(This post was last modified: 12-18-2015, 05:57 AM by Killpot.)