How can I create my own virus signature of a .exe or .lib file? I started my reading certain bytes to the file and then just storing them in another file and manually adding this to a virus sc开发者_开发技巧anner. Will this work? thanks
There are many different ways to create a signature of a file, one of the simplest, and easiest, is to take a hashing function, like SHA1, and run it against the whole file.
Basically you need to find a sequence of bytes that's makes it unique, the AV companies spend a lot of time to analyse the behaviour, traints and find something unique. And the Antivirus application reads the binary file to look for the byte pattern
Kindly read the Antivirus fundamentals: Viruses, signatures, disinfection from Kasperskey
To start with basic you need to create/maintain a hex table where signature is unique column followed by the Name, Type. And read files in your computer and try to get a match with the Hex database table.
Now how to keep it unique, as it's hard to analyse each .exe
on your own to get the signature. As stated here, kindly read the intro-to-creating-anti-virus-signatures
Look for what is yara
Engine & Rules here virustotal.github.io/yara/ and how VirusTotal uses it to create AV signatures then on to rules yararules.com .There are few tools like yaraeditor to help you out but with google you can find more.
Then you can put your hands on OpenSource Antivirus like ClamAV github.com/Cisco-Talos/clamav-devel and use it for purpose.
精彩评论