Anti_Virus

An Anti-Virus project built as part of the Cyber-YB class. Written in:

  • C++
  • Python
  • YARA
  • C#
  • C

The project analyses exe files and flags suspicious behaviour.

Main window


Here you can start the VM for the Dynamic Analysis and move the Static and Hash Analysis windows. The dial on the right shows the probability that the file is a virus. The side bar has 5 options:

  • Home Screen
  • Directory Analysis
  • IP Analysis
  • Terms and Services
  • Configuration

Dynamic Analysis

VM when turned on:

The batch file starts the receiver, which waits for the file. Once the file is in the VM, the receiver injects the DLL containing the hooks and then runs Sysinternals Handle.exe. The results:


Static Analysis

A few checks run on the file:

  • Portable Executable info
  • Suspicious Strings (YARA)
  • Additional Strings (Sysinternals)
  • Packers check (YARA)
  • Imports - read from the Import Address Table (IAT)
  • 3 PE checks - fractionated imports, suspicious sections, and a PE linker test


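The "suspicious sections" PE check described above, as an added illustrative example in Python (not the project's own code): it walks the section table of a PE file and flags writable-and-executable sections, known packer section names and sections with no data on disk. The minimal constructed header used as sample input and the small packer-name list are assumptions.

```python
import struct

# IMAGE_SECTION_HEADER Characteristics bits from the PE/COFF specification.
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000
SECTION_FMT = "<8sIIIIIIHHI"  # IMAGE_SECTION_HEADER, 40 bytes
COMMON_NAMES = {".text", ".rdata", ".data", ".idata", ".edata", ".rsrc", ".reloc", ".bss", ".tls", ".pdata"}
PACKER_NAMES = {"UPX0", "UPX1", ".aspack", ".vmp0", ".vmp1", ".MPRESS1", ".themida"}  # sample list (assumption)

def parse_sections(data: bytes):
    """Walk the PE section table and return one dict per IMAGE_SECTION_HEADER."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe = struct.unpack_from("<I", data, 0x3C)[0]  # e_lfanew: offset of the PE signature
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsect = struct.unpack_from("<H", data, pe + 6)[0]  # IMAGE_FILE_HEADER.NumberOfSections
    opt_size = struct.unpack_from("<H", data, pe + 20)[0]  # SizeOfOptionalHeader
    table = pe + 24 + opt_size  # signature (4) + COFF header (20) + optional header
    sections = []
    for i in range(nsect):
        f = struct.unpack_from(SECTION_FMT, data, table + 40 * i)
        sections.append({"name": f[0].rstrip(b"\0").decode("latin-1"),
                         "virtual_size": f[1], "raw_size": f[3], "characteristics": f[9]})
    return sections

def suspicious_sections(sections):
    """Return (section name, reason) findings in the spirit of the 'suspicious sections' check."""
    findings = []
    for s in sections:
        ch = s["characteristics"]
        if ch & IMAGE_SCN_MEM_WRITE and ch & IMAGE_SCN_MEM_EXECUTE:
            findings.append((s["name"], "writable and executable"))  # self-modifying / unpacking code
        if s["name"] in PACKER_NAMES:
            findings.append((s["name"], "known packer section name"))
        elif s["name"] not in COMMON_NAMES:
            findings.append((s["name"], "non-standard section name"))
        if s["raw_size"] == 0 and s["virtual_size"] > 0:
            findings.append((s["name"], "no data on disk but memory allocated (unpacking target?)"))
    return findings

def build_sample_pe(sections):
    """Constructed minimal PE header (empty optional header) used only as offline sample input."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x102)  # i386, SizeOfOptionalHeader = 0
    body = b"".join(struct.pack(SECTION_FMT, n.ljust(8, b"\0"), vs, 0x1000, rs, 0x400, 0, 0, 0, 0, ch)
                    for n, vs, rs, ch in sections)
    return dos + b"PE\0\0" + coff + body
```

Running `suspicious_sections(parse_sections(build_sample_pe([...])))` on a header with a normal `.text` section and a `UPX0` section that is writable, executable and has no raw data flags only the `UPX0` section, with three reasons.
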
Hash Analysis

Here the file is checked against VirusTotal and a fuzzy-hash analysis is performed.


Directory Analysis

Each file in the directory is sent to VirusTotal:


IP Analysis

PyDivert is used to block IPs from the DNS cache that VirusTotal flags as suspicious:


Configuration

The user can configure 3 options:

  • Virus Total Search
  • Vaulting
  • Database saving (Redis database)


Quarantine

If a file's probability of being malicious is greater than 75 percent, it goes into quarantine: the system encrypts the file and moves it into a hidden folder.


To release a file from quarantine, go into Configuration and disable Vaulting:


Full Project Book

This is the full project book (51 pages), written in Hebrew:

elad2.docx