Seeking new Malware Analyzer Tool (A.D.E.M.A) Version 1.2

Michael, can we get a copy of this somewhere?

said by Gladiator_AV: But it is not a "scanner" like an AV scanner, it is a tool for classifying malware (new and unknown malware).
You have to drag and drop malware into it, and if it detects something it alerts you.
Probably you should start a thread in the public security DSLR forum, because if I send it only to you I will get other requests from other people as well.
And maybe the users (who suspect a file to be a virus or something) can scan it with ADEMA first, so that we know what type of malware we are talking about.
I improve this little program all the time, because even for me here at work it is a great help.
It is even able to analyse polymorphic viruses (such as Parite.B, Mimail.Q or Dumaru) and so on.

I think this would be very useful for some of us who have suspicious files to submit.
-- It takes a disaster to make a woman out of a female
Gladiator Security Forum

psloss (Premium, join: 2002-02-24, Alpharetta, GA) | said by CalamityJane: I think this would be very useful for some of us who have suspicious files to submit
Absolutely -- if it has a general Portable Executable (Windows 32-bit executable) unpacking engine, then I could use it every day for stuff that's packed with things like ExeStealth, or double-packed, or packed and then altered, and so on.
Rather than purely for submitting though, I want to be able to at least dump embedded strings from the unpacked file and also dump the different headers to get a better idea of what a particular nasty does...
Philip Sloss -- Feedback? e-mail: stuff@lupwa.org

Gladiator_AV | reply to CalamityJane
[Screenshots: Collector Dialog; Adema detects a Porn Dialer; Polymorphic Virus Detected]
I am just working on (updating to) version 1.3 now - it will then be able to collect malware from a whole PC into one single directory (called MALWARE-FOLDER) - all you have to do then is zip this folder and send it.
It includes an analysis by ADEMA for each sample, so that an AV vendor knows what it is (for instance a dialer, a worm, a polymorphic virus and so on).
I will provide some screenshots here first.
Here is the first screenshot: the Malware-Collector-Dialog (new since Version 1.3).
-- Live Video Stream from home! Here you can watch me at home in realtime.

John2g (Qui Tacet Consentit, Premium, join: 2001-08-10, England) | reply to CalamityJane
That looks good Michael.

Gladiator_AV | reply to CalamityJane
[Attachment: setup.zip, 623,333 bytes, Setup Version 1.3 (setup.exe)]
SETUP-DOWNLOAD for Version 1.3
Please note: This is NOT a virus scanner. It does NOT protect you. It is a malware analyser which is able to deal with new, unknown malware.
This means you can scan your PC and it will "collect" suspicious files into one folder called "MALWARE" (a subfolder of your installation folder).
It does NOT unpack ZIP or RAR files. But it is very, very fast and detects a lot of brand new malware and even polymorphic viruses / worms.
It can even create signatures (for some types of malware) fully automatically.
You can scan single files via drag and drop or whole drives / folders via the "Collector Mode".
This program does NOT delete any files. The Collector only copies a suspicious file into the MALWARE FOLDER.
And... it is still under development. There is no daily update because it works completely without signatures.
Have fun, Michael

Martinus | said by Gladiator_AV: SETUP-DOWNLOAD for Version 1.3
Thanks for your work, Michael.
Regards, Martin -- From the GSV "Dubious Existence"

Tablet (Premium, join: 2003-01-15, Czech) | reply to Gladiator_AV
Thanks for this excellent tool.. so far I got only one FP with a file ConfigWizard.exe in the Kazaa Lite installation. No other suspicious files on my system drive..

CalamityJane | reply to CalamityJane
Very Cool Beans! THANK YOU MICHAEL (and just in time for my birthday)
Now if I can just figure out how to work it LOL.... I'm slow but I'll get there.
A question: Is this just for worms and trojans, viruses, etc. (not for spyware/hijackers)?
P.S. It talks! (Maybe we can have some of your infamous cool music at the start in the next version?)

dp (Premium, MVM, join: 2000-12-08, Greensburg, PA, kudos: 7) | reply to Gladiator_AV
said by Gladiator_AV: SETUP-DOWNLOAD for Version 1.3
Thank you very much!! -- Write your questions down on the back of a $20 dollar bill and send them to me

Martinus | reply to Gladiator_AV
I checked the Enable Polymorphic Analysing option and it doesn't look slow to me. That's on a spare PIII 700 MHz box, so it must be pretty tightly coded.
Edited for this observation:
It would be even faster if the scan skipped some files, either user-chosen or standard *.inf, *.txt, *.gif, etc.

markwp2001 (Spreadhead, Premium, join: 2002-05-25, Long Beach, MS) | reply to CalamityJane
Things that cause people to be excited:
Sports fans: March Madness and the start of baseball season
Nature lovers: Beginning of spring
Geeky computer security fanatics: A new security app
Thanks, Michael -- Widespread Panic - when only the best will do ...

Gladiator_AV | reply to Martinus
said by Martinus: I checked the Enable Polymorphic Analysing option and it doesn't look slow to me. That's on a spare PIII 700 MHz box, so it must be pretty tightly coded.
Edited for this observation:
It would be even faster if the scan skipped some files, either user-chosen or standard *.inf, *.txt, *.gif, etc.
It does not do polymorphic analysis on "all" files; only directly infectable files such as executables.
It has a filetype engine, so it does not analyse "useless" files.

Martinus | said by Gladiator_AV: It does not do polymorphic analysis on "all" files; only directly infectable files such as executables.
It has a filetype engine, so it does not analyse "useless" files.
Sorry. I saw in the scanning status some references to ini and inf files. It probably displays all the files, not only those processed.

Gladiator_AV | reply to CalamityJane
said by CalamityJane: A question: Is this just for worms and trojans, viruses, etc. (not for spyware/hijackers)?
Most of the spyware contains some sort of "downloader trojan" - many of them are detected in advance. However, it does not (yet) analyse browser helper objects (such as Explorer DLLs), but if I am in the mood to do that I will try it.

Gladiator_AV | reply to Martinus
said by Martinus: Sorry. I saw in the scanning status some references to ini and inf files. It probably displays all the files, not only those processed.
Well, it must scan *.INI files because of IRC worms.

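A small content-based filetype check plus a collector pass, added here as an illustration of the behaviour described in the two posts above (the filetype engine that only analyses directly infectable files, and the *.INI exception for IRC worms); this is not ADEMA's code. Executables are recognised by their MZ/PE headers rather than by extension, *.ini files are kept, everything else is skipped, and the collector copies into a MALWARE folder without deleting. The `is_suspicious` callback stands in for ADEMA's own classification, which the thread does not describe, and the sample files are constructed.

```python
import os
import shutil
import struct
import tempfile

def file_kind(path):
    """Assumed filetype engine (content, not extension): 'executable' = MZ stub
    with a PE\\0\\0 header at e_lfanew; 'ini' = *.ini (IRC worms); else 'skip'."""
    with open(path, "rb") as fh:
        head = fh.read(64)
        if head[:2] == b"MZ" and len(head) == 64:
            e_lfanew = struct.unpack_from("<I", head, 60)[0]  # offset of PE header
            fh.seek(e_lfanew)
            if fh.read(4) == b"PE\0\0":
                return "executable"
    if path.lower().endswith(".ini"):
        return "ini"
    return "skip"

def collect(root, malware_dir, is_suspicious):
    """Collector mode: copy (never delete) suspicious, analysable files into malware_dir."""
    os.makedirs(malware_dir, exist_ok=True)
    collected = []
    for dirpath, _, names in os.walk(root):
        if os.path.abspath(dirpath).startswith(os.path.abspath(malware_dir)):
            continue  # never re-collect the MALWARE folder itself
        for name in names:
            path = os.path.join(dirpath, name)
            kind = file_kind(path)
            if kind != "skip" and is_suspicious(path, kind):
                shutil.copy2(path, os.path.join(malware_dir, name))
                collected.append(name)
    return sorted(collected)

def build_sample_tree(root):
    """Constructed samples: a minimal PE, the same PE renamed .gif, a script.ini, a text file."""
    pe = b"MZ" + b"\0" * 58 + struct.pack("<I", 64) + b"PE\0\0"
    os.makedirs(root, exist_ok=True)
    samples = {"tool.exe": pe, "pic.gif": pe,
               "script.ini": b"[script]\n", "readme.txt": b"just text"}
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)

def demo():
    # Returns (kind per sample file, names copied by the collector); every
    # analysable file is treated as suspicious by the stand-in callback.
    root = tempfile.mkdtemp()
    build_sample_tree(root)
    kinds = {n: file_kind(os.path.join(root, n)) for n in os.listdir(root)}
    hits = collect(root, os.path.join(root, "MALWARE"), lambda p, k: True)
    return kinds, hits
```

Note that the renamed PE (pic.gif) is still classified as an executable, which is why a content check matters more than an extension skip list.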
Martinus | said by Gladiator_AV: Well, it must scan *.INI files because of IRC worms.
Well done, lad!

CalamityJane | reply to CalamityJane
Woooo Hoooo, even I figured out how to work it .... (life is good!)

Martinus | said by CalamityJane: Woooo Hoooo, even I figured out how to work it ...
Great!!
Michael, you won't need to make a chick version after all. :) Cut development time by 2.

spy1 (Welcome to Amerika, Premium, join: 2002-06-24, Charlotte, NC) | reply to CalamityJane
Looks good, Michael. Great job. Pete

reply to CalamityJane
[Screenshot of Logfile] [Attachment: setup.zip, 623,765 bytes, Setup Version 1.4 (setup.exe)]
And here is version 1.4, now with LOG support for the Collector Mode (see screenshot).