Total Commander Forum Index Total Commander
Forum - Public Discussion and Support
 
Bitchaos WDX plugin

 
Kick10
Junior Member
Joined: 16 Apr 2006
Posts: 2

Posted: Sun Apr 07, 2013 1:09 am    Post subject: Bitchaos WDX plugin

Content plugin with a gentleman's set of features to detect malware :)
It is able to identify Windows PE executable files, regardless of the extension being used, and show the following information about them:

- Whether the file is packed or encrypted (determined heuristically)
- The validity of the digital signature
- The name of the PE section in which the program entry point is located (useful for determining infection with file viruses)
- A list of PE sections and their entropy in percent
- The presence of file version information (the information itself is not displayed, only the fact of its presence, for the convenience of the Advanced Search)
- A summary of the use of some WinAPI functions (whether the application uses the network, files, registry, processes, etc.). It analyzes the import table, so dynamically loaded libraries are not considered. The list of API functions can be edited in the file funcgroups.json
- Detection of the file by antivirus software. The plugin checks detection using the file's MD5 hash with the online detection service VirusTotal (uses 50+ antiviruses). This function can be very slow with a poor internet connection. Detections are cached on the user's computer; if you need to rescan the files, you need to delete the cache file "verdicts" in the plugin folder.

You can also use the plugin columns for advanced search and file highlighting.

Please write bug reports here.
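The entry-point section and per-section entropy columns described in the post above can be computed directly from the PE headers. The following is an added example, not the plugin's code; the entropy scale (Shannon entropy relative to the 8 bits/byte maximum) and the constructed sample image with its `.pack` section are assumptions.

```python
import math
import struct

def entropy_percent(data: bytes) -> float:
    """Shannon entropy as a percentage of the 8 bits/byte maximum (assumed scale)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    bits = -sum(c / len(data) * math.log2(c / len(data)) for c in counts if c)
    return round(bits / 8 * 100, 1)

def analyze_pe(image: bytes):
    """Return (entry_point_section, [(section, entropy %), ...]); None if not a PE."""
    try:
        if image[:2] != b"MZ":
            return None
        pe = struct.unpack_from("<I", image, 0x3C)[0]          # e_lfanew
        if image[pe:pe + 4] != b"PE\0\0":
            return None
        nsec, = struct.unpack_from("<H", image, pe + 6)        # NumberOfSections
        opt_size, = struct.unpack_from("<H", image, pe + 20)   # SizeOfOptionalHeader
        entry_rva, = struct.unpack_from("<I", image, pe + 40)  # AddressOfEntryPoint
        entry_section, report = None, []
        for i in range(nsec):
            name, vsize, va, rsize, rptr = struct.unpack_from(
                "<8sIIII", image, pe + 24 + opt_size + 40 * i)
            name = name.rstrip(b"\0").decode("ascii", "replace")
            report.append((name, entropy_percent(image[rptr:rptr + rsize])))
            if va <= entry_rva < va + max(vsize, rsize):
                entry_section = name
        return entry_section, report
    except struct.error:  # truncated or malformed headers
        return None

def build_sample() -> bytes:
    """Constructed, non-executable image: low-entropy .text, high-entropy .pack."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0xE0, 0x102)
    opt = struct.pack("<HBBIIII", 0x10B, 0, 0, 0, 0, 0, 0x2010).ljust(0xE0, b"\0")
    def sec(name, va, ptr):  # 0x200 bytes of raw data per section
        return struct.pack("<8sIIII", name, 0x200, va, 0x200, ptr).ljust(40, b"\0")
    headers = dos + coff + opt + sec(b".text", 0x1000, 0x200) + sec(b".pack", 0x2000, 0x400)
    return headers.ljust(0x200, b"\0") + b"\x90\xc3" * 256 + bytes(range(256)) * 2

if __name__ == "__main__":
    print(analyze_pe(build_sample()))
```

In the constructed image the entry point falls in the near-100% entropy `.pack` section rather than `.text`, the combination these two columns are meant to surface.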
fenix_productions
Power Member
Joined: 07 Aug 2005
Posts: 1950
Location: Poland

Posted: Sun Apr 07, 2013 3:15 am

@Kick10
What are the rules for deciding that a file is OK in the AV check?
Should the VirusTotal result have no detections at all, or is it percentage based?

Will this plugin show how many scanners detected a virus in the file or just say NO? What about additional columns with the names of the antiviruses which decided that my file is not safe any more?

It would also be nice to have separate columns for function groups (easier to read that way).

Could you also provide more groups for the average user, or info about them? I know that the word "average" may not fit the TC user base, but searching online for information about Windows networking DLLs is too much hassle - there is no network in funcgroups.json.

Either way: simple but GREAT idea this plugin is!
Nigurrath
Senior Member
Joined: 05 Feb 2003
Posts: 217

Posted: Sun Apr 07, 2013 3:11 pm

As a WLX it would also be extremely useful!
Kick10
Junior Member
Joined: 16 Apr 2006
Posts: 2

Posted: Tue Apr 09, 2013 10:45 am

@fenix_productions

Hello, the AV check does the following:

It gets the VT response and checks whether one of the following vendors detected the file as bad:

- Kaspersky
- Symantec
- BitDefender
- NOD32

If so, it returns their detection. If none of them says it's malware, then it checks whether more than 1/3 of all vendors detect it as malware, and displays the verdict of the first vendor that detected it as malware. Otherwise the file is considered OK.

By the way, thanks for your comments, I'm thinking about how to add some of the features you proposed.
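The verdict rule described in the reply above, written out so its boundary cases can be checked; this is an added example, not the plugin's code. The vendor precedence (listed order), the `(vendor, detection)` input shape, the returned hit count and the constructed vendor names are assumptions.

```python
# Vendors whose single detection decides the verdict, as listed in the reply.
PRIORITY_VENDORS = ("Kaspersky", "Symantec", "BitDefender", "NOD32")

def verdict(scans):
    """scans: ordered list of (vendor, detection_name_or_None).

    Returns (verdict, hits, total). The counts are an addition for visibility;
    the reply only describes the verdict string.
    """
    detections = [(vendor, name) for vendor, name in scans if name]
    hits, total = len(detections), len(scans)
    by_vendor = dict(detections)
    # Rule 1: any listed vendor that flags the file decides the verdict.
    for vendor in PRIORITY_VENDORS:  # assumed precedence: listed order
        if vendor in by_vendor:
            return f"{vendor}: {by_vendor[vendor]}", hits, total
    # Rule 2: strictly more than 1/3 of all vendors flag it (integer math,
    # so exactly one third does not count).
    if hits * 3 > total:
        vendor, name = detections[0]
        return f"{vendor}: {name}", hits, total
    # Rule 3: otherwise the file is considered OK.
    return "OK", hits, total

def constructed_scans(total, flagged, extra=()):
    """Constructed sample: `total` made-up vendors, the first `flagged` detecting."""
    scans = [(f"Vendor{i:02d}", "Gen.Constructed" if i < flagged else None)
             for i in range(total)]
    return scans + list(extra)

if __name__ == "__main__":
    print(verdict(constructed_scans(45, 0, [("Kaspersky", "Trojan.Constructed")])))
    print(verdict(constructed_scans(45, 15)))  # exactly 1/3 -> OK
    print(verdict(constructed_scans(45, 16)))  # just over 1/3 -> first detector
```

Under these rules a file flagged by exactly one third of the non-listed vendors still shows as OK, so the raw hit count is worth reading alongside the verdict.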
byblo
Senior Member
Joined: 20 Feb 2005
Posts: 211

Posted: Sun Jul 23, 2017 3:27 am

Hello.

Very useful plugin, thank you :)

Got some questions about how it works:

- Why is it connecting to detectcache.appspot.com instead of virustotal.com on some occasions?
- Is it possible to connect exclusively to virustotal.com?
- Can you comment the entries in the bitchaos.ini file?
Imprint/Impressum: This site is maintained by Ghisler Software GmbH