{"id":3594,"date":"2016-04-06T23:43:30","date_gmt":"2016-04-06T23:43:30","guid":{"rendered":"http:\/\/www.hexacorn.com\/blog\/?p=3594"},"modified":"2016-04-06T23:46:47","modified_gmt":"2016-04-06T23:46:47","slug":"dexray-twentin-quarantino","status":"publish","type":"post","link":"https:\/\/www.hexacorn.com\/blog\/2016\/04\/06\/dexray-twentin-quarantino\/","title":{"rendered":"DeXRAY – Twentin Quarantino"},"content":{"rendered":"

DeXRAY now supports over twenty Quarantine filetypes. I set a goal to look at one AV per day, unless I am busy with other stuff. So far, the results are kinda predictable: the most difficult to access with a debugger \/ crack \/ analyze are Chinese, Russian, and… Microsoft. The rest of the files took between 2 minutes to 2h of work max. It’s a great reversing experience as it’s heavily time-sensitive research (I want to crack it in one session), and at the same time I am learning about many pointers which I can use for further research and study. The guys @ProjectZero<\/a> are unfortunately right. The moment you start looking at AV internals you discover lots of juicy stuff. Ouch. I strongly believe the AV is _needed_ in a current ‘open ecosystem’ setup existing in most of the companies, but it’s time AV vendors really review their code.<\/p>\n

Anyway…<\/p>\n

I have added support for Baidu .qv, CMC Antivirus *.cmc, and F-Prot .tmp Quarantine files. Confirmed Lavasoft AdAware\u00a0 to be using BitDefender’s Quarantine files (.bdq), confirmed Comodo stores Quarantine files w\/o encryption \ud83d\ude42<\/p>\n

The full list of supported or recognized file formats is listed below:<\/p>\n