An anti-virus project built as part of the Cyber-YB class. Written in:
- C++
- Python
- YARA
- C#
- C
The project analyses various EXE files and flags suspicious behaviour.
Here you can start the VM for the dynamic analysis and move to the Static and Hash Analysis windows.
The dial on the right side shows the probability that the file is a virus.
In the side bar there are 5 options:
- Home Screen
- Directory Analysis
- IP Analysis
- Terms and Services
- Configuration
VM when turned on:
The batch file starts the receiver, which waits for the file. Once the file is inside the VM,
the tool injects the DLL containing the hooks and then runs Sysinternals Handle.exe. The results:
A few checks run on the file:
- Portable Executable info
- Suspicious Strings (YARA)
- Additional Strings (Sysinternals)
- Packers check (YARA)
- Imports - collected by walking the Import Address Table (IAT)
- 3 PE checks - fractionated imports, suspicious sections, and a PE linker test
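As an added example that is not part of the project's code, the Python below implements the "suspicious sections" and packer checks in heuristic form: it walks the PE section table and flags sections that are both writable and executable, carry a non-standard name, or have high-entropy contents. The project does its packer check with YARA rules; the entropy threshold, the name list and the minimal PE built by `build_sample_pe` are assumptions constructed for this demo.

```python
import math
import struct

# Section characteristic flags from the PE/COFF specification
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000
STANDARD_NAMES = {b".text", b".rdata", b".data", b".rsrc", b".reloc", b".idata", b".pdata", b".bss"}

def entropy(blob: bytes) -> float:
    """Shannon entropy in bits per byte; packed or encrypted data sits close to 8.0."""
    probs = [blob.count(bytes([v])) / max(len(blob), 1) for v in range(256)]
    return -sum(p * math.log2(p) for p in probs if p)

def suspicious_sections(pe: bytes) -> list:
    """Walk the section table; return (name, reasons) for sections that look packed or self-modifying."""
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]            # DOS header field pointing at "PE\0\0"
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    coff = e_lfanew + 4                                         # 20-byte COFF file header
    _machine, n_sections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", pe, coff)
    sec_table = coff + 20 + opt_size                            # section headers follow the optional header
    findings = []
    for i in range(n_sections):
        off = sec_table + 40 * i                                # each IMAGE_SECTION_HEADER is 40 bytes
        name = pe[off:off + 8].rstrip(b"\0")
        _vsize, _vaddr, raw_size, raw_ptr = struct.unpack_from("<IIII", pe, off + 8)
        flags = struct.unpack_from("<I", pe, off + 36)[0]
        reasons = []
        if flags & IMAGE_SCN_MEM_EXECUTE and flags & IMAGE_SCN_MEM_WRITE:
            reasons.append("writable+executable")               # code that rewrites itself: classic unpacker stub
        if name not in STANDARD_NAMES:
            reasons.append("non-standard name")                 # e.g. UPX0/UPX1, .aspack, .themida
        if raw_size and entropy(pe[raw_ptr:raw_ptr + raw_size]) > 7.0:
            reasons.append("high entropy (packed/encrypted)")
        if reasons:
            findings.append((name.decode("latin-1"), reasons))
    return findings

def build_sample_pe() -> bytes:
    """Constructed minimal PE image (headers plus two sections, not a runnable program) used as sample input."""
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)   # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0, 0x0102)  # i386, 2 sections, no optional header
    data_start = 0x40 + 4 + 20 + 2 * 40                           # raw section data starts after the headers
    text = b"\x55\x8b\xec" * 32                                   # repetitive, low-entropy code bytes
    packed = bytes(range(256)) * 2                                # uniform bytes -> entropy 8.0, like a packed blob
    text_sec = struct.pack("<8sIIIIIIHHI", b".text", len(text), 0x1000, len(text), data_start, 0, 0, 0, 0, 0x60000020)
    upx_sec = struct.pack("<8sIIIIIIHHI", b"UPX1", len(packed), 0x2000, len(packed), data_start + len(text), 0, 0, 0, 0, 0xE0000040)
    return dos + b"PE\0\0" + coff + text_sec + upx_sec + text + packed
```

Running `suspicious_sections(build_sample_pe())` reports only the `UPX1` section, with all three reasons; the `.text` section passes clean.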
Here we interface with VirusTotal and perform fuzzy hashing analysis.
Sending each file from the directory to VirusTotal:
Using PyDivert to block IPs from the DNS cache that VirusTotal flagged as suspicious:
The user can configure 3 options:
If the file's probability of being malicious is greater than 75 percent, it goes into quarantine.
The system encrypts the file and puts it into a hidden folder.
To release a file from quarantine, go into the configuration and disable the vaulting:
This is the full project book (51 pages). Written in Hebrew:
elad2.docx