Sky AV | Memory Scanning | Malware Identifier

by Killpot - 15-12-2015, 04:22 AM
#1
OP
Posted: 15-12-2015, 04:22 AM (This post was last modified: 18-12-2015, 06:57 AM by Killpot.)
Yo.

So starting off this will just be an announcement thread and I'll update a changelog frequently of how the project's currently doing.

The program is currently VERY alpha, however the core functionality is there.

Features:
- RunPE Detector: Compares sections of process module and its host, if there's more than 5 it's likely a RunPE, thus it kills the process
- Win32 API Hooking: This feature allows real time detections, as processes are created they are scanned, same goes for files
- Adobe Malware Classifier: This is the incorporation of Adobe's Malware Classifier script, written in Python it's the core of the Malware Analysis
- In Depth Settings: Pretty much everything is customizable, you'll be able to set everything to where you feel it should be
- Bulk File Scanning: Choose singular files to scan, or scan whole directories!
- Right click menu integration: Right click on files to scan them on the fly!

Planned Features:
- VirusCheckMate.com integration
- Better RunPE detection (aside from section mismatches)
- Thread Hijacking to kill protected processes
- Not a shitty GUI
- Plugins? (MAYBE)


Memory Scanning:


I'll answer any questions or comments you guys have, if you have any suggestions I'd like to hear them!

--UPDATE--

So I've begun working on a not ugly GUI, it actually looks quite nice, I've used Google's Material Skin it's animated.

I've successfully upgraded our RunPE scanning, we can now inspect 64 bit processes, however I have a lot more calibration ahead of me as a lot of system processes are detected as RunPE's because that's effectively what they're doing, it's the same as having VS debug, it's hosting the real application, and thus has a lot of mismatched headers, so for now, I'll just get detections down, even if it's a system process and deal with sorting out which ones to kill later.

--UPDATE--

x64 process scanning has been removed and will not be added back in for the current foreseeable future.

New video demo of memory scanning

GUI Update :^)
[Image: sz5yJxK.png]

--MOTHER OF UPDATES--
HOO BOY YOU'RE GONNA WANNA SIT DOWN FOR THIS ONE

Ok, so a lot's happened lately and while I haven't changed much on the note of the program this is worthy of an update as things are going to take a turn from where they were originally headed.

So, first off, I've partnered up with 2 other users that will massively improve SkyAV, I won't name them, they can post here if they want it to be known.
With these 2 users, one will be coding the program alongside me, this user will also take care of all web related processes of the program.
We'll be commercializing the product, so sorry for all that were banking on getting the source, I may still be releasing parts of it as I go along however.
The program will still be free to use, but many of the features will be premium, and these premium features will come as monthly fees, we have yet to decide the pricing.
We'll be implementing a full blown Heuristics Engine that the user and I will be coding from scratch, we will be implementing methods of submitting files to be scanned by hand.
Most of the AV will be handled server side via LiteCode and a few other tricks I have up my sleeve. However with this big update comes a lot of opportunity. As doing this will allow me to spend a lot more time on the project. As always I'll be keeping this thread updated on its status. We'll be needing beta testers eventually so keep an eye out for that, alongside the fact that we will be needing to build our signatures database, so eventually I'll be putting in place some system that will reward you for submitting a file you know to be malicious that our Heuristics Engine isn't detecting. I have yet to decide what the reward will be, money, btc, subscription time, etc.

I look forward to hearing your thoughts!
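
A sketch of the section-comparison check that the "RunPE Detector" bullet in the post above describes, added here as an illustration and not SkyAV's own code: it parses the section table of the host file and of the in-memory image and flags the process when more than 5 fields differ. Which fields are compared, the function names and the sample headers are assumptions; the post only gives the threshold.

```python
import struct

MISMATCH_THRESHOLD = 5  # from the post: more than 5 mismatches => likely RunPE
FIELDS = ("name", "vsize", "vaddr", "rawsize", "flags")  # assumed comparison set
SECTION_FMT = "<8sIIIIIIHHI"  # IMAGE_SECTION_HEADER layout, 40 bytes

def parse_sections(image: bytes):
    """Return the section table of a PE image as a list of dicts."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)  # e_lfanew
    if image[pe_off:pe_off + 4] != b"PE\0\0" or pe_off + 24 > len(image):
        raise ValueError("missing or truncated PE header")
    (count,) = struct.unpack_from("<H", image, pe_off + 6)      # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", image, pe_off + 20)  # SizeOfOptionalHeader
    table = pe_off + 24 + opt_size
    if table + 40 * count > len(image):
        raise ValueError("section table runs past end of buffer")
    rows = (struct.unpack_from(SECTION_FMT, image, table + 40 * i) for i in range(count))
    return [dict(name=f[0].rstrip(b"\0"), vsize=f[1], vaddr=f[2], rawsize=f[3],
                 flags=f[9]) for f in rows]

def count_mismatches(disk: bytes, memory: bytes) -> int:
    """Count section-header fields that differ between the two images."""
    a, b = parse_sections(disk), parse_sections(memory)
    total = abs(len(a) - len(b)) * len(FIELDS)  # unmatched section: all fields differ
    for on_disk, in_mem in zip(a, b):
        total += sum(on_disk[k] != in_mem[k] for k in FIELDS)
    return total

def is_likely_runpe(disk: bytes, memory: bytes) -> bool:
    return count_mismatches(disk, memory) > MISMATCH_THRESHOLD

def build_pe(sections):
    """Build a header-only PE image from (name, vsize, vaddr, rawsize, flags)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x102)
    rows = (struct.pack(SECTION_FMT, n, vs, va, rs, 0, 0, 0, 0, 0, fl)
            for n, vs, va, rs, fl in sections)
    return dos + b"PE\0\0" + coff + b"".join(rows)

# Constructed sample data: the host file on disk and a mismatching in-memory image.
HOST = build_pe([(b".text", 0x1000, 0x1000, 0x1000, 0x60000020),
                 (b".data", 0x200, 0x2000, 0x200, 0xC0000040),
                 (b".rsrc", 0x400, 0x3000, 0x400, 0x40000040)])
HOLLOWED = build_pe([(b".text", 0x5000, 0x1000, 0x4E00, 0x60000020),
                     (b".rdata", 0x1800, 0x6000, 0x1800, 0x40000040),
                     (b".data", 0x300, 0x8000, 0x200, 0xC0000040)])
```

With the constructed headers, the unmodified host compared with itself gives 0 mismatches and the replaced image gives 12, so only the latter crosses the threshold.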
#2
Posted: 15-12-2015, 05:11 AM
Did you add in the description?
dead
#3
OP
Posted: 15-12-2015, 05:13 AM (This post was last modified: 15-12-2015, 05:20 AM by Killpot.)
(15-12-2015, 05:11 AM)Nyan Wrote: Did you add in the description?

[Image: nuYSGUK.png]

(15-12-2015, 05:11 AM)Nyan Wrote: Did you add in the description?

lest we forget the icon too! [Image: 3BRtOsu.png]
#4
OP
Posted: 16-12-2015, 11:17 PM
Thread updated for new changes
Summary:
New & Better GUI
64 Bit process scanning added, calibration needed. 
#5
Posted: 16-12-2015, 11:19 PM
hhahah nice icon....



fap fap
Sent from my Nokia 3310
#6
OP
Posted: 16-12-2015, 11:25 PM (This post was last modified: 17-12-2015, 04:09 AM by Killpot.)
(16-12-2015, 11:19 PM)ピカチュウ Wrote: hhahah nice icon....



fap fap

your avatar reminds me of AeonHack
[Image: avatar_101640.png?dateline=1449009879]

Thread Updated:
Summary:
x64 Process scanning removed permanently(?)
New GUI!
#7
OP
Posted: 18-12-2015, 06:58 AM
--Update--
Summary:
No TL;DR, get to reading
#8
Posted: 10-07-2017, 01:51 AM
I am going to be attempting to restart this project. I was one of the original developers of this project and I am hoping to revive it as it could become something great. I am attempting to get in contact with Killpot because he is going to be needed to implement the heuristics engine because that is out of my league as far as programming goes. Expect many updates to this project though.

Changelog 09/07/17
* Implemented AMC for Single File Scanning (Folder Scanning Coming Next)
* Added Start SkyAV on Startup Option
* A few improvements to the log colors and such
#9
Posted: 12-07-2017, 07:25 PM
WOW, nice Malware Identifier. Did you make any GitHub to make branches, and make a good software?
Yo
Omae wa mo Shindeiru

*Dead inside*

;-;
#10
Posted: 27-07-2017, 01:15 AM
Nice malware identifier, keep on.