Retrieving a “signature” could be as simple as generating a digital signature via hashing for the virus(es)’ respective binaries, using MD5 or SHA.
I.e., implementing the following functionality in your code that I’m sure you’ve already started…:
md5sum virus
-> md5hashofvirus
md5sum virus2
-> md5hashofvirus2
Complete dossier of md5sum available here.
MD5 implementation in C available here.
However, any modification to the file would render this method of detection useless (albeit that’s the end goal of encrypting a virus). An actual “virus signature” that modern AVs use is
“any sequence of bits that can be used to accurately identify the presence of a particular virus in a given file or range of memory,”
as that level of analysis makes it a bit harder for malware manufacturers to hide the “identity” of the malware.
- www.agusblog.com/wordpress/what-is-a-virus-signature-are-they-still-used-3.htm is something that I feel you should read.
- www.labri.fr/perso/ly/publications/viro.pdf if you’re looking for something a little more in-depth.
If you’d like more information, try sharing a bit more yourself.
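As an added example (not part of the answer above), the two signature kinds the answer contrasts, a whole-file hash versus a byte sequence with wildcard bytes, run over a constructed byte string that stands in for a binary; the sample bytes, the hex pattern and the signature names are all made up for illustration.

```python
import hashlib
from typing import Dict, List, Optional

# Constructed sample "binaries" (not real malware): a byte string standing in for a
# file, and a copy of it with a single padding byte changed.
SAMPLE = b"MZ\x90\x00" + b"\x00" * 16 + b"CONSTRUCTED_MARKER_0xBEEF" + b"\x00" * 16
MODIFIED = SAMPLE[:5] + b"\x01" + SAMPLE[6:]

HexSig = List[Optional[int]]  # one entry per byte; None is a wildcard ("??")


def file_digest(data: bytes, algo: str = "sha256") -> str:
    """Whole-file hash, the 'md5sum virus' style signature from the answer."""
    h = hashlib.new(algo)
    h.update(data)
    return h.hexdigest()


def parse_hex_sig(text: str) -> HexSig:
    """Parse a space-separated hex pattern such as '4D 41 ?? 45' into a HexSig."""
    return [None if tok == "??" else int(tok, 16) for tok in text.split()]


def find_sig(data: bytes, sig: HexSig) -> int:
    """Return the offset of the first match of sig in data, or -1 if absent."""
    n = len(sig)
    for i in range(len(data) - n + 1):
        if all(b is None or data[i + j] == b for j, b in enumerate(sig)):
            return i
    return -1


# Hash database: exact digests of known samples (only the constructed one here).
HASH_DB = {file_digest(SAMPLE)}
# Byte-sequence database: "MARKER_0x??EF" with two wildcard bytes (constructed).
SIG_DB: Dict[str, HexSig] = {
    "constructed_marker": parse_hex_sig("4D 41 52 4B 45 52 5F 30 78 ?? ?? 45 46"),
}


def scan(data: bytes, hash_db=HASH_DB, sig_db=SIG_DB) -> dict:
    """Check a file against both signature kinds and report what matched."""
    return {
        "hash_match": file_digest(data) in hash_db,
        "sig_matches": [n for n, s in sig_db.items() if find_sig(data, s) != -1],
    }


if __name__ == "__main__":
    for label, blob in (("original", SAMPLE), ("one byte changed", MODIFIED)):
        print(label, scan(blob))
```

Flipping one padding byte defeats the hash match but not the byte-sequence match, which is the point the answer makes about file modification.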
solved Virus signature extraction form malware [closed]