AVAudit

A framework for performing black-box analysis of antivirus emulators

Read about the story behind AVAudit

Inspired by AVLeak by Alexei Bulazel

Usage

View avaudit.py for example usage and fingerprints/ for example fingerprint files

example run

Current features

  • At least 3x as fast as previous implementations
  • Uses less CPU resources than previous implementations
  • Create universal fingerprints
  • Easy to use API
  • Template system

Antiviruses implemented

  • Defender ✅
  • Kaspersky 🚧
  • ESET 🚧

Notes

  • Disable cloud/realtime features on any antivirus
  • Implemented using mingw-gcc
  • To get antiviruses to consistently emulate, I found it necessary to:
    • strip the C runtime
    • define a custom entrypoint
    • remove any optimisations
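As an added example (not AVAudit's own code) of the build approach the notes describe: a libc-free test program with a custom entry point. The mingw-w64 build flags in the header comment, and the names `custom_entry`, `run_probe` and `probe_result`, are assumptions for this illustration, not taken from the project.

```c
/*
 * Added example, not part of AVAudit: a minimal Windows test binary built the
 * way the notes describe (no C runtime, custom entry point, no optimisation).
 * Assumed build command for 64-bit mingw-w64:
 *
 *   x86_64-w64-mingw32-gcc -O0 -nostdlib -nostartfiles -Wl,-e,custom_entry \
 *       -o sample.exe sample.c -lkernel32
 *
 * Without the CRT there is no printf, strlen or memcpy. At -O2 the compiler
 * may itself emit calls to memcpy/memset for plain loops, which would then
 * fail to link, so staying at -O0 matters here, not only for emulation.
 */
#ifdef _WIN32
#include <windows.h>
#endif

/* Fixed-size record the entry point fills in; all fields are plain integers
 * so no library formatting is needed. */
struct probe_result {
    unsigned int magic;   /* arbitrary constant marker for the record */
    unsigned int length;  /* length of the label, computed by hand */
    unsigned int sum;     /* byte sum of the label */
};

/* libc-free replacement for strlen */
static unsigned int probe_strlen(const char *s)
{
    unsigned int n = 0;
    while (s[n] != '\0')
        n++;
    return n;
}

/* Fill the record and return a small exit code derived from it. */
unsigned int run_probe(const char *label, struct probe_result *out)
{
    unsigned int i, sum = 0;
    out->magic = 0x41564155u;
    out->length = probe_strlen(label);
    for (i = 0; i < out->length; i++)
        sum += (unsigned char)label[i];
    out->sum = sum;
    return sum % 256;   /* keep the exit code in the 0..255 range */
}

#ifdef _WIN32
/* Custom entry point: no argc/argv and no CRT initialisation. The exit code
 * is the program's only output, since there is no console I/O without the CRT. */
void custom_entry(void)
{
    struct probe_result r;
    ExitProcess(run_probe("AVAudit", &r));
}
#endif
```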