I am trying to create an antivirus too.
It's a mini version of FDSec with only the blackhashes engine. Once started, it scans the %USERPROFILE% folder recursively, in a loop, checking every file against the blacklisted hashes only. There are two versions, English and Italian. Please report bugs in the Issues tab.
Read and check the code before compiling and running it, and run it in a virtual machine rather than in production!
- Create a new project in Visual Studio;
- Paste the code inside Program.cs;
- READ and CHECK the code;
- Compile it and execute the binary!
- (optional) download and unzip radare2 in the FDSec folder (copy the 'bin', 'include', 'lib' and 'share' folders as shown below);
| FDSec folder |
|---|
| bin\ |
| include\ |
| lib\ |
| share\ |
| fdsec.exe |
I suggest Framework 4.7 or higher!
- Scan processes in loop:
C:\fdsec_folder> .\fdsec.exe
- Scan a file then exit:
C:\fdsec_folder> .\fdsec.exe suspicious-file.exe
- Scan recursively a folder then exit:
C:\fdsec_folder> .\fdsec.exe .\folder\
- scan processes in loop;
- arbitrary scan of a single file;
- recursive scan of a folder;
- scan remote IP connections in loop;
- automatic exclusion of legitimate software (by whitelist hashes);
- scan for dangerous functions in strings;
- (optional) radare2 scanner for a deeper search of dangerous functions;
Using radare2 may slow down the dangerous-functions search. I have implemented a 5-second timed wait, after which radare2 is forcibly killed;
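The timed wait described above, as an added example that is not FDSec's own code: it launches an external analyzer under a hard time limit, kills it when the limit expires, and drains its output asynchronously so a full pipe cannot block the wait. The radare2 binary path (`.\bin\radare2.exe`) and the `-q -c ii` arguments (quiet mode, run the import-listing command) are assumptions for the illustration; the 5-second value is the one the text states.

```csharp
using System;
using System.ComponentModel;
using System.Diagnostics;
using System.Text;

// Added example (not FDSec's own code): run an external tool with a time cap.
// A sample that makes the analyzer hang must not stall the whole scan loop,
// so the tool is killed once the cap expires and the scan moves on.
static class TimedToolExample
{
    // Runs exe with the given arguments; returns its stdout, or null when the
    // process exceeded timeoutMs and was killed.
    public static string RunWithTimeout(string exe, string arguments, int timeoutMs)
    {
        var psi = new ProcessStartInfo(exe, arguments)
        {
            UseShellExecute = false,
            RedirectStandardOutput = true,
            RedirectStandardError = true,
            CreateNoWindow = true
        };

        var stdout = new StringBuilder();
        using (var p = Process.Start(psi))
        {
            // Asynchronous readers: a synchronous ReadToEnd combined with
            // WaitForExit can deadlock when the child fills the pipe buffer.
            p.OutputDataReceived += (s, e) => { if (e.Data != null) stdout.AppendLine(e.Data); };
            p.ErrorDataReceived += (s, e) => { /* stderr discarded in this example */ };
            p.BeginOutputReadLine();
            p.BeginErrorReadLine();

            if (!p.WaitForExit(timeoutMs))
            {
                try { p.Kill(); }
                catch (InvalidOperationException) { /* exited between the check and Kill */ }
                catch (Win32Exception) { /* could not be terminated; nothing more to do */ }
                p.WaitForExit();
                return null;
            }

            // The overload without a timeout guarantees the async handlers
            // have delivered everything before we read the buffer.
            p.WaitForExit();
        }
        return stdout.ToString();
    }

    static void Main(string[] args)
    {
        string target = args.Length > 0 ? args[0] : "suspicious-file.exe";
        // Assumed layout from the README: radare2 unzipped into .\bin\ next to fdsec.exe.
        string r2 = @".\bin\radare2.exe";
        string imports = RunWithTimeout(r2, "-q -c ii \"" + target + "\"", 5000);

        if (imports == null)
            Console.WriteLine("radare2 exceeded 5 s on " + target + " and was killed; falling back to the strings scan");
        else
            Console.WriteLine(imports);
    }
}
```

The cap is a correctness requirement, not just a performance tweak: an analysis loop that waits without a limit on an external parser gives any sample that crashes or stalls that parser a way to freeze the scanner. Returning `null` rather than an empty string lets the caller tell "no imports found" apart from "analysis did not finish".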
- blacklist and whitelist of SHA-256 hashes;
- signatures;
- blacklist of malicious IPs;
- dangerous functions;
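The blackhashes engine the mini version is built around (recursive scan of %USERPROFILE%, SHA-256 blacklist, whitelist exclusion of legitimate software), as an added example that is not FDSec's own code. The two hash values are constructed placeholders, not real indicators; a deployment would load both lists from files. It walks the tree manually because `Directory.EnumerateFiles` with `SearchOption.AllDirectories` aborts the whole enumeration on the first directory it cannot open, which in a user profile happens routinely.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Security.Cryptography;

// Added example (not FDSec's own code): recursive SHA-256 scan against a
// blacklist, skipping files whose hash is on a whitelist.
static class HashScanExample
{
    // Constructed placeholder lists (lowercase hex). Not real IoCs.
    static readonly HashSet<string> BlackHashes = new HashSet<string>(StringComparer.OrdinalIgnoreCase)
    {
        "0000000000000000000000000000000000000000000000000000000000000000"
    };
    static readonly HashSet<string> WhiteHashes = new HashSet<string>(StringComparer.OrdinalIgnoreCase)
    {
        "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
    };

    // Hashes a file while allowing other processes to keep it open for writing,
    // so a scan does not fail on log files and other actively-used files.
    public static string Sha256Hex(string path)
    {
        using (var sha = SHA256.Create())
        using (var fs = new FileStream(path, FileMode.Open, FileAccess.Read, FileShare.ReadWrite))
        {
            return BitConverter.ToString(sha.ComputeHash(fs)).Replace("-", "").ToLowerInvariant();
        }
    }

    // Depth-first walk that skips unreadable directories instead of aborting.
    public static IEnumerable<string> EnumerateFilesSafely(string root)
    {
        var pending = new Stack<string>();
        pending.Push(root);
        while (pending.Count > 0)
        {
            string dir = pending.Pop();
            string[] files, subdirs;
            try
            {
                files = Directory.GetFiles(dir);
                subdirs = Directory.GetDirectories(dir);
            }
            catch (UnauthorizedAccessException) { continue; }
            catch (DirectoryNotFoundException) { continue; }
            catch (IOException) { continue; }

            foreach (string f in files) yield return f;
            foreach (string d in subdirs) pending.Push(d);
        }
    }

    // Classifies one file: "whitelisted", "blacklisted", "clean" or "unreadable".
    public static string Classify(string path)
    {
        string hash;
        try { hash = Sha256Hex(path); }
        catch (IOException) { return "unreadable"; }
        catch (UnauthorizedAccessException) { return "unreadable"; }

        // Whitelist wins first so known-good software is never flagged.
        if (WhiteHashes.Contains(hash)) return "whitelisted";
        if (BlackHashes.Contains(hash)) return "blacklisted";
        return "clean";
    }

    static void Main(string[] args)
    {
        // Default to the user profile, matching the mini version's behaviour.
        string root = args.Length > 0 ? args[0] : Environment.GetFolderPath(Environment.SpecialFolder.UserProfile);
        int scanned = 0, flagged = 0;

        foreach (string file in EnumerateFilesSafely(root))
        {
            scanned++;
            if (Classify(file) == "blacklisted")
            {
                flagged++;
                Console.WriteLine("[DETECTED] " + file);
            }
        }
        Console.WriteLine("Scanned " + scanned + " files, " + flagged + " blacklisted.");
    }
}
```

Hash matching is exact: any file that differs by a single byte from a blacklisted one produces a different SHA-256 and passes. That is why the full FDSec layers signatures, IP blacklisting and dangerous-function scanning on top of this engine rather than relying on hashes alone.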