 #15384  by shellcode4fun
 Tue Aug 28, 2012 1:55 pm
Hello everybody!

I see many users interested in this classic anti-executable called EXE Radar Pro, developed by NoVirusThanks company srl.

I analyzed this software a bit and, despite what it should be able to do (prevent any executable from running), it actually contains several design bugs that compromise the effectiveness of this security tool.

I have uploaded a video showing how a simple exploit using specific shellcode I've written can effectively bypass EXE Radar Pro. The link to the video is the following: http://www.youtube.com/watch?v=5KXbnIhhODc . Hope you'll enjoy it.

Keep up the good work kernelmode.info board!
 #15423  by shellcode4fun
 Thu Aug 30, 2012 11:36 am
I've just seen the new update to build 2.6.6.0. The change log is:
[29-08-2012] v2.6.6.0
+ Fixed refreshing of processes in x86 version when "Processes" tab is opened
+ Fixed IE problem that allowed it to start a process if "Auto-Allow System Processes" was checked
Looks like there was at least one other serious vulnerability, as written in the change log. Anyway, it wasn't the one I'm exploiting. A new video with build 2.6.6.0 tested: http://www.youtube.com/watch?v=8_frYKeTllA

I've received a question about testing the exploit after disabling the "Auto allow system processes" option. I already recorded the video before reading the question, so I couldn't record it again. Anyway, disabling that option doesn't stop my exploit from executing the trojan ;)