This site really seems like snakeoil + fake AV potential candidate.

This forum focuses on analyzing malware and any aspects of dealing with packer protections.
encryptedmind
Junior Member
Posts: 14
Joined: Thu Apr 04, 2013 9:04 pm

Post by encryptedmind »

www.av-sdk.com

The above link directs to a site that claims to sell an AV SDK that uses only heuristics to get the best detection in the industry. This really seems weird. Any ideas?

I did a preliminary analysis of the software sometime back.

The main GUI is permanently disabled, with the date set some years back. And that is just a string in the disassembly. Further, the GUI actually calls another DLL called mvm.dll or so, and the DLL has a few valid exports. But the GUI actually never calls anything. And the software is a trial SDK version or something. It's quite weird and seems more like a joke site.
evaluator
Posts: 1538
Joined: Tue Sep 18, 2001 2:00 pm

Post by evaluator »

The GUI has code which loads 'mvm.dll' and resolves ordinals. Also, there is code to call those resolved ordinals.
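The two observations above (encryptedmind: the DLL "has a few valid exports"; evaluator: the GUI "resolves ordinals") are checked by walking the DLL's export directory and listing every ordinal with its RVA and name, then matching those ordinals against the GetProcAddress arguments seen in the GUI. The script below is an added example, not code from the thread or from av-sdk.com: it is a small PE32/PE32+ export-table walker, and because the real mvm.dll is not available here it builds a constructed sample DLL (name, ordinals and the export name "ScanBuffer" are all made up) so it runs offline.

```python
import struct

# Constructed sample: a minimal PE32 DLL carrying only an export table.
# It is NOT the real mvm.dll; every value in it is invented for the demo.
def build_sample_dll() -> bytes:
    sec_rva, sec_raw = 0x1000, 0x200
    dll_name, fn_name = b"mvm.dll\0", b"ScanBuffer\0"
    funcs = [0x2000, 0x2010, 0x0000, 0x2020]       # ordinal 3 is an empty slot
    off_funcs, off_names, off_nameords = 0x28, 0x38, 0x3C
    off_dllname, off_fnname = 0x40, 0x48

    # IMAGE_EXPORT_DIRECTORY (40 bytes)
    edir = struct.pack("<IIHHIIIIIII", 0, 0, 0, 0,
                       sec_rva + off_dllname,      # Name
                       1,                          # Base: first ordinal
                       len(funcs), 1,              # NumberOfFunctions, NumberOfNames
                       sec_rva + off_funcs, sec_rva + off_names, sec_rva + off_nameords)
    body = bytearray(0x200)
    body[0:40] = edir
    body[off_funcs:off_funcs + 16] = struct.pack("<4I", *funcs)
    body[off_names:off_names + 4] = struct.pack("<I", sec_rva + off_fnname)
    body[off_nameords:off_nameords + 2] = struct.pack("<H", 3)   # index 3 -> ordinal 4
    body[off_dllname:off_dllname + len(dll_name)] = dll_name
    body[off_fnname:off_fnname + len(fn_name)] = fn_name

    dos = bytearray(0x40); dos[:2] = b"MZ"; dos[0x3C:0x40] = struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x2102)   # i386, 1 section, DLL
    opt = bytearray(224)
    opt[0:2] = struct.pack("<H", 0x10B)                 # PE32 magic
    opt[92:96] = struct.pack("<I", 16)                  # NumberOfRvaAndSizes
    opt[96:104] = struct.pack("<II", sec_rva, 0x60)     # DataDirectory[0] = exports
    sec = struct.pack("<8sIIIIIIHHI", b".edata", 0x200, sec_rva, 0x200, sec_raw,
                      0, 0, 0, 0, 0x40000040)
    hdr = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sec
    return hdr.ljust(sec_raw, b"\0") + bytes(body)


def _sections(data: bytes):
    """Return ([(vaddr, size, raw_offset)], export_rva, export_size)."""
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsec = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    opt = e_lfanew + 24
    magic = struct.unpack_from("<H", data, opt)[0]
    dd_off = opt + (96 if magic == 0x10B else 112)     # PE32 vs PE32+ data directory
    exp_rva, exp_size = struct.unpack_from("<II", data, dd_off)
    secs = []
    for i in range(nsec):
        vsize, vaddr, rsize, raw = struct.unpack_from("<IIII", data, opt + opt_size + 40 * i + 8)
        secs.append((vaddr, max(vsize, rsize), raw))
    return secs, exp_rva, exp_size


def rva_to_offset(data: bytes, rva: int) -> int:
    for vaddr, size, raw in _sections(data)[0]:
        if vaddr <= rva < vaddr + size:
            return raw + (rva - vaddr)
    raise ValueError(f"RVA {rva:#x} not backed by any section")


def _cstr(data: bytes, off: int) -> str:
    return data[off:data.index(b"\0", off)].decode("ascii", "replace")


def parse_exports(data: bytes) -> dict:
    """List every export as {ordinal, rva, name, forwarder}; empty slots are skipped."""
    _, exp_rva, exp_size = _sections(data)
    if exp_rva == 0:
        return {"dll_name": None, "exports": []}
    off = rva_to_offset(data, exp_rva)
    (_, _, _, _, name_rva, base, n_funcs, n_names,
     aof, aon, aono) = struct.unpack_from("<IIHHIIIIIII", data, off)
    names = {}
    for i in range(n_names):                            # name table -> unbiased ordinal index
        nrva = struct.unpack_from("<I", data, rva_to_offset(data, aon) + 4 * i)[0]
        idx = struct.unpack_from("<H", data, rva_to_offset(data, aono) + 2 * i)[0]
        names[idx] = _cstr(data, rva_to_offset(data, nrva))
    exports = []
    for i in range(n_funcs):
        rva = struct.unpack_from("<I", data, rva_to_offset(data, aof) + 4 * i)[0]
        if rva == 0:
            continue                                    # unused ordinal slot
        entry = {"ordinal": base + i, "rva": rva, "name": names.get(i), "forwarder": None}
        if exp_rva <= rva < exp_rva + exp_size:         # RVA inside the export dir = forwarder string
            entry["forwarder"] = _cstr(data, rva_to_offset(data, rva))
        exports.append(entry)
    return {"dll_name": _cstr(data, rva_to_offset(data, name_rva)), "exports": exports}


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_dll()
    info = parse_exports(data)
    print(info["dll_name"])
    for e in info["exports"]:
        fwd = f"  -> {e['forwarder']}" if e["forwarder"] else ""
        print(f"  ordinal {e['ordinal']:>4}  rva {e['rva']:#010x}  {e['name'] or '<no name>'}{fwd}")
```

Run it as `python exports.py mvm.dll` against the real file; with no argument it walks the constructed sample. Ordinals whose RVA slot is zero are not exported at all, so a GetProcAddress(h, MAKEINTRESOURCE(n)) in the GUI for such an n fails at run time, which is one cheap way to tell whether the call sites evaluator found can ever succeed.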
encryptedmind
Junior Member
Posts: 14
Joined: Thu Apr 04, 2013 9:04 pm

Post by encryptedmind »

evaluator wrote:GUI has code, which loads 'mvm.dll' & resolves ordinals. also there is code to call those resolved ordinals.
Yeah, so does the software actually run? There can be all sorts of compiled useless code, but I don't think the trial version date is reset or that the software actually works. Like 2 MB consisting of a PE parser, heuristic engine, sandbox and dynamic engine. If it does not work in the first place, is there any point in doing a dead listing?
What I meant regarding the ordinals is that the code itself is redundant, never mind the call instructions to DLL ordinals.

Would be great if you could do some corroboration on the effectiveness of the tool.
Indy
Posts: 311
Joined: Sun Nov 08, 2009 4:32 am

Post by Indy »

fake
encryptedmind
Junior Member
Posts: 14
Joined: Thu Apr 04, 2013 9:04 pm

Post by encryptedmind »

Indy wrote:fake
Thanks for that, Indy. The price tags are pretty awesome as well. It's Russian, ostensibly. They have had this site up for quite a long time. I don't know who really buys this stuff....

There is another AV product called Twister AV. It's not really well known (VirusTotal etc.), but there seems to be a dubious web presence here and there.
Indy
Posts: 311
Joined: Sun Nov 08, 2009 4:32 am

Post by Indy »

Better than MSE/VBA you will not find anything. But they are also useless..