Thread: This site really seems like snakeoil + fake AV potential candidate.

  1. #1

    www.av-sdk.com

    The above link directs to a site that claims to sell an AV SDK that uses only heuristics to get the best detection in the industry. This really seems weird. Any ideas?

    I did a preliminary analysis of the software some time back.

    The main GUI is permanently disabled, with the date set some years back. And that is just a string in the disassembly. Further, the GUI actually calls another DLL called mvm.dll or so, and the DLL has a few valid exports. But the GUI actually never calls anything. And the software is a trial SDK version or something. It's quite weird and seems more like a joke site.

  2. #2
    evaluator
    GUI has code which loads 'mvm.dll' & resolves ordinals. Also, there is code to call those resolved ordinals.

  3. #3
    Originally posted by evaluator:
    "GUI has code which loads 'mvm.dll' & resolves ordinals. Also, there is code to call those resolved ordinals."

    Yeah, so does the software actually run? There can be all sorts of compiled useless code, but I don't think the trial version date is reset or that the software actually works. Like 2 MB consisting of a PE parser, heuristic engine, sandbox and dynamic engine. If it does not work in the first place, any point in doing a dead listing?
    What I meant regarding the ordinals is that the code itself is redundant, never mind the call instructions to DLL ordinals.

    Would be great if you could do some corroboration on the effectiveness of the tool.

  4. #4

  5. #5
    Originally posted by Indy:
    "fake"

    Thanks for that, Indy. The price tags are pretty awesome as well. It's Russian, ostensibly. They have had this site up for quite a long time. I don't know who really buys this stuff....

    There is another AV product called Twister AV. It's not really well known (VirusTotal etc.) but there seems to be a dubious web presence here and there.

  6. #6
    Better than MSE/VBA you will not find anything. But they are also useless..
