Konloch Software

Experimental Antivirus

Published 06/20/2024

📝 This project has been superseded by Antivirus+

Attempts to trick malware using techniques from NavyTitanium/Fake-Sandbox-Artifacts

What Does It Do?

  • Tricks malware into de-activating itself.
  • Assuming the malware you could be exposed to checks the list of active processes for reverse-engineering tools and safely shuts itself down if it finds one, we can abuse that behaviour by pretending to be those tools.


Requirements

  • Java 8 or greater
  • Windows 10 (Earlier versions would probably work fine)

Media

Screenshots:

  • Experimental Antivirus - Tray Icon Management
  • Experimental Antivirus - Tray Icon Status
  • Experimental Antivirus - Tiny Processes To Help Mimic Reverse Engineering Tools

Theory

Generally malware will contain a sandbox check. This involves identifying whether the current machine contains any form of virtualization or tooling used to reverse engineer the malware. A common way malware handles this situation is to close and no longer attempt the infection, but this is of course entirely up to the malware itself. Ideally this concept would be part of some free antivirus package, as this is just one small component. This is licensed MIT to help push it towards that future.
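To make the "What Does It Do?" and "Theory" sections concrete, here is an added example (not code from the Experimental Antivirus project) of the decoy idea: copy a do-nothing executable under tool-like names, launch the copies, and then confirm they are visible in the same process list a name-based check would read. It assumes a blank executable such as the BlankProcess.exe the Notes mention, and the decoy names are constructed examples rather than the project's own list.

```python
"""Decoy-process helper: spawn blank processes under analysis-tool names,
then verify they show up in `tasklist /fo csv` (constructed example)."""
import csv
import io
import shutil
import subprocess
from pathlib import Path

# Constructed decoy names: image names a process-list check might look for.
DECOY_NAMES = ["ollydbg.exe", "x64dbg.exe", "wireshark.exe", "procmon.exe"]

# Constructed sample of `tasklist /fo csv` output used for offline checks.
SAMPLE_TASKLIST = (
    '"Image Name","PID","Session Name","Session#","Mem Usage"\n'
    '"System Idle Process","0","Services","0","8 K"\n'
    '"x64dbg.exe","4242","Console","1","1,024 K"\n'
    '"Procmon.exe","4243","Console","1","2,048 K"\n'
)


def parse_tasklist_csv(text):
    """Return the lower-cased image names from `tasklist /fo csv` output."""
    rows = csv.reader(io.StringIO(text))
    header = next(rows, None)  # first row is the column header
    if not header or header[0] != "Image Name":
        return set()
    return {row[0].lower() for row in rows if row}


def missing_decoys(running, decoys=DECOY_NAMES):
    """Decoys not visible in the process list, in the decoy list's order."""
    seen = {name.lower() for name in running}
    return [d for d in decoys if d.lower() not in seen]


def spawn_decoys(blank_exe, workdir, decoys=DECOY_NAMES):
    """Copy the blank executable once per decoy name and launch each copy.
    Returns the Popen handles so the caller can terminate them on exit."""
    workdir = Path(workdir)
    workdir.mkdir(parents=True, exist_ok=True)
    handles = []
    for name in decoys:
        target = workdir / name  # the file name is what the process list reports
        shutil.copyfile(blank_exe, target)
        handles.append(subprocess.Popen([str(target)], cwd=str(workdir)))
    return handles


if __name__ == "__main__":  # Windows-only live check; assumes BlankProcess.exe is present
    handles = spawn_decoys("BlankProcess.exe", "decoys")
    out = subprocess.run(["tasklist", "/fo", "csv"], capture_output=True, text=True).stdout
    print("decoys not visible:", missing_decoys(parse_tasklist_csv(out)))
    for h in handles:
        h.terminate()
```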

Notes

May have issues on 32-bit operating systems - just recompile BlankProcess.exe to solve this.
