I am trying to create an Antivirus too.
Read and check the code before compiling and running it in production (Virtual Machine)!
- Create a new project in Visual Studio;
- Paste the code inside Program.cs;
- READ and CHECK the code;
- Compile it and execute the binary!
- (optional) download and unzip radare2 into the FDSec folder (copy the 'bin', 'include', 'lib' and 'share' folders as shown below);
| FDSec folder |
|---|
| bin\ |
| include\ |
| lib\ |
| share\ |
| fdsec.exe |
I suggest Framework 4.7 or higher!
- Scan processes in a loop:

```
C:\fdsec_folder> .\fdsec.exe
```

- Scan a file, then exit:

```
C:\fdsec_folder> .\fdsec.exe suspicious-file.exe
```

- Recursively scan a folder, then exit:

```
C:\fdsec_folder> .\fdsec.exe .\folder\
```

- scan processes in a loop;
- arbitrary scan of a single file;
- recursive scan of a folder;
- scan remote IP connections in a loop;
- automatic exclusion of legitimate software (by whitelist hashes);
- scan dangerous functions from strings;
- (optional) radare2 scanner for a deep search of dangerous functions;
  Using radare2 may cause a slowdown in the dangerous functions search. I have implemented a 5-second timed wait, after which it will be forcibly killed;
- blacklist and whitelist of sha256 hashes;
- signatures;
- blacklist of malicious ip;
- dangerous functions;
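
A sketch of how the hash lists and the strings-based dangerous-function check listed above can fit together, written in C# for .NET Framework 4.7. This is an added example, not FDSec's own code: the class and method names, the three API names and the sample bytes are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
using System.Text.RegularExpressions;

static class ScanSketch
{
    // Constructed data: empty hash lists and three Windows API names that scanners
    // commonly flag. FDSec's real lists are not shown on the page.
    static readonly HashSet<string> Whitelist = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
    static readonly HashSet<string> Blacklist = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
    static readonly string[] Dangerous = { "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread" };

    static string Sha256Hex(byte[] data)
    {
        using (var sha = SHA256.Create())
            return BitConverter.ToString(sha.ComputeHash(data)).Replace("-", "");
    }

    // Runs of 5+ printable ASCII characters, like the classic `strings` tool.
    static List<string> AsciiStrings(byte[] data)
    {
        string text = Encoding.GetEncoding("ISO-8859-1").GetString(data); // 1 byte -> 1 char
        return Regex.Matches(text, @"[\x20-\x7E]{5,}").Cast<Match>().Select(m => m.Value).ToList();
    }

    public static string Verdict(byte[] data)
    {
        string hash = Sha256Hex(data);
        if (Whitelist.Contains(hash)) return "clean (whitelisted)";      // known-good: skip heuristics
        if (Blacklist.Contains(hash)) return "malicious (blacklisted)";  // known-bad: no further work
        List<string> strings = AsciiStrings(data);
        List<string> hits = Dangerous.Where(f => strings.Any(s => s.Contains(f))).ToList();
        return hits.Count > 0 ? "suspicious: " + string.Join(", ", hits) : "no match";
    }

    static void Main()
    {
        // Constructed sample: not a real executable, just bytes embedding two API names.
        byte[] sample = Encoding.ASCII.GetBytes("MZ\0\0VirtualAllocEx\0WriteProcessMemory\0");
        Console.WriteLine(Verdict(sample));   // heuristic path: hash is on neither list
        Whitelist.Add(Sha256Hex(sample));     // simulate adding the file to the whitelist
        Console.WriteLine(Verdict(sample));   // whitelist now short-circuits the string scan
    }
}
```

A string hit only means the name appears in the file: packed samples can hide their imports and legitimate software uses the same APIs, so treat it as a triage signal rather than a verdict.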