Author Topic: Advanced machine learning technology not so advanced  (Read 6665 times)

hutch--

  • Administrator
  • Posts: 5850
  • Mnemonic Driven API Grinder
    • The MASM32 SDK
Re: Advanced machine learning technology not so advanced
« Reply #30 on: February 19, 2018, 10:14:02 PM »
Next question is, can you build your own source code to executables?
hutch at movsd dot com
http://www.masm32.com    :biggrin:  :biggrin:

Raistlin

  • Member
  • Posts: 379
Re: Advanced machine learning technology not so advanced
« Reply #31 on: February 19, 2018, 10:20:27 PM »
@hutch - Yes, using the version block and the manifest per our last discussion - works (ok-ish) so far - for Symantec but
not for Avira. Hmm, something tells me you know something I don't - from the question sets.... I'd just like a fix for all
possible scenarios across AV's. Something like : Version Block+Manifest+3lvlCert = no false positives - If we can confirm
it will actually always work.
« Last Edit: February 20, 2018, 05:57:38 AM by Raistlin »
Are you pondering what I'm pondering? It's time to take over the world ! - let's use ASSEMBLY...

hutch--

Re: Advanced machine learning technology not so advanced
« Reply #32 on: February 20, 2018, 12:52:58 PM »
I doubt that this can be achieved, but you can get most things most of the time if the code you build has a manifest and a version control block. This means that any source you want to build from elsewhere will have to have this added if it's missing. The basic things to comprehend are: use a normal 32- or 64-bit COFF header that has no extra junk in it, include the manifest and version control block, don't try to run a tiny test piece as it is probably too short for an AV scanner to comprehend, and avoid any messy complex branching at the start of the code just after the entry point.

The better end of AV scanners don't have the problem and will actually look at the code rather than just a checklist of parts, but if you get these right, you will survive most crappy AV scanners.
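A quick way to confirm that a built executable actually carries the two resources hutch lists (the version block and the manifest) is to read the PE resource directory directly. The script below is an added example, not code from this thread or from the MASM32 SDK: it parses the DOS/PE/COFF headers, maps the resource table RVA through the section table and lists the top-level resource type IDs, then reports whether RT_VERSION (16) and RT_MANIFEST (24) are present. `build_minimal_pe` is a constructed, header-only PE32 image used only so the checker can be run offline; it is not a loadable program, and the function names are this example's own.

```python
"""Check a PE file for the resources hutch recommends: RT_VERSION and RT_MANIFEST.

Added example, not code from the thread. Pure stdlib; it walks the PE headers
and the root resource directory itself. build_minimal_pe() is a constructed,
non-loadable test image so the checker can run without a real binary.
"""
import struct

RT_VERSION = 16   # VS_VERSIONINFO resource type
RT_MANIFEST = 24  # application manifest resource type


def _rva_to_offset(rva, sections):
    """Map an RVA to a file offset using the section table."""
    for va, vsize, raw_ptr, raw_size in sections:
        if va <= rva < va + max(vsize, raw_size):
            return rva - va + raw_ptr
    raise ValueError("RVA 0x%x not inside any section" % rva)


def pe_resource_types(data):
    """Return the set of top-level resource type IDs declared in a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _, nsect, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:      # PE32: data directories start at optional header +96
        dd = opt + 96
    elif magic == 0x20B:    # PE32+: data directories start at optional header +112
        dd = opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    res_rva, _res_size = struct.unpack_from("<II", data, dd + 2 * 8)  # entry 2 = resource table
    if res_rva == 0:
        return set()
    sections = []
    for i in range(nsect):
        hdr = opt + opt_size + i * 40
        vsize, va, raw_size, raw_ptr = struct.unpack_from("<IIII", data, hdr + 8)
        sections.append((va, vsize, raw_ptr, raw_size))
    root = _rva_to_offset(res_rva, sections)
    n_named, n_id = struct.unpack_from("<HH", data, root + 12)
    types = set()
    for i in range(n_named + n_id):
        name, _off = struct.unpack_from("<II", data, root + 16 + i * 8)
        if not name & 0x80000000:   # high bit set = string-named entry, not a type ID
            types.add(name)
    return types


def check_pe_resources(data):
    """Report whether the version block and manifest are present in the image."""
    types = pe_resource_types(data)
    return {"version_block": RT_VERSION in types, "manifest": RT_MANIFEST in types}


def build_minimal_pe(resource_types):
    """Constructed PE32 image with one .rsrc section (headers only, not loadable)."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)            # e_lfanew: PE header right after DOS header
    res = struct.pack("<IIHHHH", 0, 0, 0, 0, 0, len(resource_types))  # root directory table
    for t in sorted(resource_types):
        res += struct.pack("<II", t, 0x80000000)       # subdirectory flag; not followed here
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x102)    # i386, 1 section
    opt = bytearray(224)                              # PE32 optional header incl. 16 data dirs
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<II", opt, 96 + 2 * 8, 0x1000 if resource_types else 0, len(res))
    sect = b".rsrc".ljust(8, b"\0") + struct.pack("<IIII", len(res), 0x1000, len(res), 512) + bytes(16)
    img = dos + b"PE\0\0" + coff + opt + sect
    img += bytes(512 - len(img))                      # pad headers up to the raw data offset
    return bytes(img + res)


if __name__ == "__main__":
    import sys
    with open(sys.argv[1], "rb") as f:
        print(check_pe_resources(f.read()))
```

Run it as `python check_pe.py yourprog.exe` (the file name is an assumption) after linking with your `.res` file; if either key comes back `False`, the resource did not make it into the final image, whatever the `.rc` source says. The check only confirms the resources are declared; it says nothing about whether a given scanner will accept the file.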

Raistlin

Re: Advanced machine learning technology not so advanced
« Reply #33 on: May 02, 2018, 07:12:37 PM »
AAAAARRRRRGGG !! Frack !! (from Battlestar Galactica series) - Now Google Drive, Symantec, McAfee all want your code digitally signed - ELSE delete
your MASM executable. So no longer will INFO-, Version- blocks & Icons (all) work together to pass as legit. I want to cry. :(

anunitu

  • Member
  • Posts: 1043
Re: Advanced machine learning technology not so advanced
« Reply #34 on: May 02, 2018, 09:54:00 PM »
Think on this: if scanners did not make a hit on most everything, users might think (crap, it does not work, and they are paying for BS). So make your scanner hit a lot to seem VERY useful, because in many ways you cannot sell without a bogeyman to tell them you are protecting them from.

Mainly just my cynical take on things.

hutch--

Re: Advanced machine learning technology not so advanced
« Reply #35 on: May 03, 2018, 02:35:44 PM »
You are not the only one to be cynical; there is an endless push from the corporate sector, as well as the Unix also-rans, to try to impose additional controls on internet usage to either make a buck or get more control. Digital signing is one of them, so you can end up with digitally signed viruses and trojans being distributed by the crooks.

Same effect with web sites: a bunch of crooks are trying to force the rest of the world to have their web sites digitally signed, and it's for no other reason than for corporations to try to control the internet so they can make more money.

Raistlin

Re: Advanced machine learning technology not so advanced
« Reply #36 on: June 01, 2018, 05:53:04 PM »
So the latest is: any and all console apps written in ASM will detect as Win32/Fuery.B!cl Trojan
if you store and later download them from Google Drive. The advanced AI creates a Windows Defender
false positive (locally) due to a corrupted or partial Chrome download on request. FRACK again!