
apriorit / antirootkit-anti-splicer

Licence: MIT license
The project is a demo solution for one of the anti-rootkit techniques aimed at overcoming splicers

Programming Languages

C++
C

Projects that are alternatives of or similar to antirootkit-anti-splicer

Simple-Antirootkit-SST-Unhooker
This is a demo project to illustrate the way to verify and restore the original SST in case of malware hooks
Stars: ✭ 31 (+0%)
Mutual labels:  antivirus, sst
DllLoaderShellcode
Shellcode to load an appended Dll
Stars: ✭ 72 (+132.26%)
Mutual labels:  pe-loader
clamfs
ClamFS is a FUSE-based user-space file system for Linux and BSD with on-access anti-virus file scanning
Stars: ✭ 29 (-6.45%)
Mutual labels:  antivirus
MCAntiMalware
Anti-Malware for minecraft
Stars: ✭ 182 (+487.1%)
Mutual labels:  antivirus
Mail-Toaster-6
Mail Toaster 6
Stars: ✭ 40 (+29.03%)
Mutual labels:  antivirus
Batch-Antivirus
Batch Antivirus, a powerful antivirus suite written in batch with real-time protection and heuristic scanning.
Stars: ✭ 26 (-16.13%)
Mutual labels:  antivirus
antimalwareapp
Anti-malware for Android using machine learning
Stars: ✭ 206 (+564.52%)
Mutual labels:  antivirus
milter-manager
milter manager is free software that protects you from spam mails and virus mails effectively with milter.
Stars: ✭ 42 (+35.48%)
Mutual labels:  antivirus
VirusTotalScanner
Scan suspicious applications with over 60 different anti-viruses with a mere two clicks and five seconds!
Stars: ✭ 18 (-41.94%)
Mutual labels:  antivirus
JustEvadeBro
JustEvadeBro, a cheat sheet which will aid you through AMSI/AV evasion & bypasses.
Stars: ✭ 63 (+103.23%)
Mutual labels:  antivirus
Aftermath
A simple anti token-grabber, written in Python.
Stars: ✭ 40 (+29.03%)
Mutual labels:  antivirus
bank mitigations
Anti-keylogger, anti-screen-logger... A strategy to protect with hooking or to improve your sandbox with spyware detection... - Demo
Stars: ✭ 17 (-45.16%)
Mutual labels:  antivirus
antivirus
Useful plugin that will scan your theme templates for malicious injections. Automatically. Every day. For more blog security.
Stars: ✭ 31 (+0%)
Mutual labels:  antivirus
netpoll
Package netpoll implements a network poller based on epoll/kqueue.
Stars: ✭ 38 (+22.58%)
Mutual labels:  splice
Defeat-Defender-V1.2
Powerful batch script to dismantle complete Windows Defender protection and even bypass tamper protection. Disable Windows Defender permanently. Hack Windows. POC
Stars: ✭ 885 (+2754.84%)
Mutual labels:  antivirus
ClamAV.Managed
ClamAV bindings for the .NET Framework, Mono and PowerShell. ClamAV.Managed is a library written in C# for the .NET Framework and Mono, providing managed bindings for the libclamav interface. It includes ClamAV.Managed.PowerShell, a set of PowerShell cmdlets for ClamAV scanning. It comes with sample code for building a GUI virus scanner applicat…
Stars: ✭ 15 (-51.61%)
Mutual labels:  antivirus
AV-Killer
Antivirus Killer
Stars: ✭ 91 (+193.55%)
Mutual labels:  antivirus
gitavscan
Git Anti-Virus Scan Action - Detect trojans, viruses, malware & other malicious threats.
Stars: ✭ 23 (-25.81%)
Mutual labels:  antivirus
pg snakeoil
The PostgreSQL Antivirus #pgSnakeOil
Stars: ✭ 21 (-32.26%)
Mutual labels:  antivirus
examples
A collection of example serverless apps built with SST.
Stars: ✭ 41 (+32.26%)
Mutual labels:  sst

Simple Anti-Splicer

About

This solution is a demonstration of one of the anti-rootkit techniques; in particular, it illustrates the detection and removal of malware hooks set up by the splicing method.

Splicing is a method of API function hooking that modifies the code of the target function itself. Rootkits usually use it to hide files and/or processes in the system. Typically, the malware overwrites the first 5 bytes of the target function with a near jump (opcode E9 followed by a 32-bit relative displacement) to its own handler, so the handler runs instead of, or before, the original code. This article explains and illustrates this approach.

Implementation

The implemented approach is based on verifying the entire ntoskrnl image, similar to what the WinDbg !chkimg extension does. The verification algorithm repeats some actions of the PE loader: the image file is read from disk and brought to the state it would have after loading (in particular, base relocations are applied for the address at which the kernel is actually loaded), and the result is compared with the code in memory. Any byte that differs marks a modification.

After verification, all detected hooks are removed by writing the original bytes back over the modified ones.
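As an added illustration of the steps above (example code written for this page, not the project's driver), the following C program models the check in user mode on a constructed 24-byte .text section: it rebases the on-disk bytes the way the PE loader does, plants a 5-byte JMP splice in the in-memory copy, finds the modified run by byte comparison, decodes the jump target and restores the original bytes. The section layout, the addresses (TEXT_RVA, PREFERRED_BASE, LOADED_BASE, HOOK_VA) and the two tiny functions are assumptions made up for the demo.

```c
/* Added example, not the project's code: a user-mode model of the anti-splicer
 * check over constructed byte arrays. A real driver reads ntoskrnl.exe from disk,
 * maps it, compares it with the kernel in memory and, when restoring bytes, must
 * also deal with write protection; all of that is left out here. */
#include <stdint.h>
#include <string.h>

#define IMAGE_REL_BASED_ABSOLUTE 0   /* padding entry, no fixup */
#define IMAGE_REL_BASED_HIGHLOW  3   /* add delta to a 32-bit absolute address */

typedef struct { uint32_t rva; uint8_t type; } reloc_t;
typedef struct { uint32_t rva; uint32_t len; } diff_t;
typedef struct {
    int hooks, restored;
    uint32_t hook_rva, hook_len, hook_target, relocated_operand;
} result_t;

/* Assumed geometry of the constructed 32-bit image. */
#define TEXT_RVA       0x1000u
#define TEXT_SIZE      24u
#define PREFERRED_BASE 0x00400000u   /* ImageBase from the PE header */
#define LOADED_BASE    0x00800000u   /* where the loader actually placed it */
#define FUNC_B_RVA     0x100Au       /* function the splicer targets */
#define HOOK_VA        0x90000000u   /* the malware's handler */

/* On-disk .text: two tiny functions plus INT3 padding.
 * A: push ebp; mov ebp,esp; mov eax,[0x00404000]; pop ebp; ret
 * B: push ebp; mov ebp,esp; mov eax,1;            pop ebp; ret */
static const uint8_t DISK_TEXT[TEXT_SIZE] = {
    0x55, 0x8B, 0xEC, 0xA1, 0x00, 0x40, 0x40, 0x00, 0x5D, 0xC3,
    0x55, 0x8B, 0xEC, 0xB8, 0x01, 0x00, 0x00, 0x00, 0x5D, 0xC3,
    0xCC, 0xCC, 0xCC, 0xCC };
/* A's absolute operand at RVA 0x1004 is listed in the .reloc section. */
static const reloc_t DISK_RELOCS[] = { { 0x1004u, IMAGE_REL_BASED_HIGHLOW } };

static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static void wr32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* The PE loader step that must be repeated before comparing: rebase the
 * section by delta = loaded base - preferred base. Returns fixups applied.
 * (A 64-bit image uses IMAGE_REL_BASED_DIR64 with an 8-byte add instead.) */
size_t apply_relocations(uint8_t *sec, size_t len, uint32_t sec_rva,
                         const reloc_t *r, size_t n, uint32_t delta) {
    size_t applied = 0;
    for (size_t i = 0; i < n; i++) {
        if (r[i].type != IMAGE_REL_BASED_HIGHLOW) continue;
        if (r[i].rva < sec_rva || r[i].rva + 4 > sec_rva + len) continue;  /* other section */
        uint8_t *p = sec + (r[i].rva - sec_rva);
        wr32(p, rd32(p) + delta);
        applied++;
    }
    return applied;
}

/* The splicer: overwrite the first 5 bytes of a function with JMP rel32. */
void write_jmp_rel32(uint8_t *p, uint32_t src_va, uint32_t dst_va) {
    p[0] = 0xE9;
    wr32(p + 1, dst_va - (src_va + 5));   /* displacement from the next instruction */
}

/* Byte-level diff, as !chkimg does: each run of mismatching bytes is one finding,
 * so longer hooks, or ones built from push/ret instead of E9, are reported too. */
size_t find_diffs(const uint8_t *expected, const uint8_t *actual, size_t len,
                  uint32_t sec_rva, diff_t *out, size_t max) {
    size_t n = 0, i = 0;
    while (i < len) {
        if (expected[i] == actual[i]) { i++; continue; }
        size_t start = i;
        while (i < len && expected[i] != actual[i]) i++;
        if (n < max) { out[n].rva = sec_rva + (uint32_t)start; out[n].len = (uint32_t)(i - start); }
        n++;
    }
    return n;
}

/* If the modified bytes start with E9, recover the hook handler's address. */
int decode_jmp_rel32(const uint8_t *p, size_t avail, uint32_t va, uint32_t *target) {
    if (avail < 5 || p[0] != 0xE9) return 0;
    *target = va + 5 + rd32(p + 1);   /* unsigned wrap-around equals the signed add */
    return 1;
}

/* Remediation: copy the loader-equivalent bytes back over the hook. */
void restore_diff(uint8_t *actual, const uint8_t *expected, uint32_t sec_rva, const diff_t *d) {
    memcpy(actual + (d->rva - sec_rva), expected + (d->rva - sec_rva), d->len);
}

/* Whole flow on the constructed image: build expected bytes, splice the
 * in-memory copy, detect, decode, restore. */
result_t run_scenario(void) {
    uint8_t expected[TEXT_SIZE], memory[TEXT_SIZE];
    diff_t diffs[8];
    result_t r = {0};

    memcpy(expected, DISK_TEXT, TEXT_SIZE);
    apply_relocations(expected, TEXT_SIZE, TEXT_RVA, DISK_RELOCS, 1, LOADED_BASE - PREFERRED_BASE);
    r.relocated_operand = rd32(expected + 4);           /* 0x00404000 -> 0x00804000 */

    memcpy(memory, expected, TEXT_SIZE);                /* the kernel as loaded... */
    write_jmp_rel32(memory + (FUNC_B_RVA - TEXT_RVA), LOADED_BASE + FUNC_B_RVA, HOOK_VA); /* ...then spliced */

    size_t n = find_diffs(expected, memory, TEXT_SIZE, TEXT_RVA, diffs, 8);
    r.hooks = (int)n;
    if (n > 0) {
        uint32_t off = diffs[0].rva - TEXT_RVA;
        r.hook_rva = diffs[0].rva; r.hook_len = diffs[0].len;
        decode_jmp_rel32(memory + off, TEXT_SIZE - off, LOADED_BASE + diffs[0].rva, &r.hook_target);
        for (size_t i = 0; i < n && i < 8; i++) restore_diff(memory, expected, TEXT_RVA, &diffs[i]);
    }
    r.restored = memcmp(memory, expected, TEXT_SIZE) == 0;
    return r;
}
```

Calling run_scenario() reports one modified region of 5 bytes at RVA 0x100A whose jump resolves to 0x90000000, and the memory copy matches the expected image again after the restore. Comparing against the relocated image rather than the raw file bytes is the point of repeating the loader's work: otherwise every absolute address the loader fixed up (here the operand at RVA 0x1004) would be flagged as a modification.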

You can find step-by-step code explanations and approach details in the related article.

License

Licensed under the MIT license. © Apriorit.
