MultCheck: Identifies bad bytes from static analysis with any Anti-Virus scanner

by ddos · June 3, 2024

MultCheck

MultCheck is a malware-analysis tool that can be used to test the detection of a file by multiple AV engines.

It is designed to be easy to use and to be able to test multiple AV engines. It is also designed to be easy to extend and to be able to add custom AV engines.

Supported Scanners

Windows Defender (winDef)

Install

Run go build under the root directory of the project.

$ cd src
# Build for Windows
## 64-bit
$ GOOS=windows GOARCH=amd64 go build -o ../bin/multcheck_x64.exe main.go

## 32-bit
$ GOOS=windows GOARCH=386 go build -o ../bin/multcheck_x32.exe main.go

Or directly run the compiled binaries in Releases.

Configuration

The configuration file for custom scanners is a JSON file with the following structure:

{
  "name": "AV name",
  "cmd": "Scan Program (with full PATH) for scanning the target file.",
  "args": "Scan arguments, use {{file}} as the file name to be scanned.",
  "out": "A string present in positive detection but not in negative"
}

Usage

MultCheck accepts a target file as an argument: ./multcheck <target_file>

Different built-in scanners can be used by specifying the -scanner flag: ./multcheck -scanner <scanner_name> <target_file>

Custom scanners can be added by creating a configuration file and providing the path to the file through the -scanner flag: ./multcheck -scanner <path_to_config_file> <target_file>

Demo

Source: https://github.com/MultSec/

MultCheck: Identifies bad bytes from static analysis with any Anti-Virus scanner

Search

Brilliantly

Content & Links