Introducing SiriusGPT: The First Real-Time GPT / LLM AI based Antimalware Solution

  • Thread starter: danb
Wow. This is really interesting and reassures me somewhat. I have found value in WLC historically, but perhaps this is a nail in the coffin...
Yeah, we will know for sure soon which way to go. That is great that you are removing UPX; from my research, only 5% of legit software uses UPX, but 70-90% of malware does. I think that is why everyone is moving away from it.

I will have to check out the Rust / .NET issue; that is odd, but I am sure it is something simple, and I already have an idea of what the issue is.

Since both of our software is in transition, it would be a good idea to not get too far into the weeds for another month or two on what might be causing issues. But if there are still issues in a couple of months, then we should get into the details and figure out how to fix them. Thanks again!
 
Hi all

Here is the wilders security forum thread of it


Mops21
Thank you @Mops21!

Hey TH, you can run SiriusLLM with CyberLock ;). CyberLock is going to have Sirius soon as well.

Yeah, there are a handful of false positives, in denniz's case, it had the old results from the initial SiriusLLM, so I deleted both of those results and retested with the latest Sirius versions / models and they had the correct verdict. This happened with DeepUI.exe (Deep Instinct) as well. There are a handful of false negatives as well... I had one yesterday from malwarebazaar. But overall, false positives and negatives are super low, and it will get even better in the next few months, but it will never be absolutely perfect.

I have noticed that @cruelsister and Ophelia tested Sirius quite a bit last week, and I was quite happy to see it perform well on their special scriptors, especially Ophelia's ;). Hopefully one of them can post a video or go into a little more detail about the overall results. From what I noticed, I believe Sirius was 100% on the scripts, and also performed extremely well with the portable executables, so their results align with the other results we have been seeing. Anyway, thank you two for testing!
 
It seems that SiriusLLM, like CyberLock, actively checks the digital signatures of files. For example, it did not like the Reduce Memory application (from Sordum) because it had a publisher but no signature. The same applies to the automatic keyboard switch to another language (without a publisher's signature and without a digital signature). By the way, CyberLock also dislikes these two applications due to signature issues.

A very interesting program! Easy and hassle-free. Works great. Looking forward to it in CyberLock. :)
 
I've tested it myself, SiriusLLM and CL work fine together. It's SiriusGPT that's a separate product.
Hmm... I've fallen out of the loop a bit. :) Well, as far as I understand, SiriusGPT won't work with CyberLock, but that's not a problem — I'll definitely try this new product on a virtual machine.

Thank you for clarifying. :)
 
The SiriusLLM that can run with CyberLock is the portable download at

SiriusLLM is a malware detection engine and portable application that leverages artificial intelligence and ChatGPT-like Large Language Models to assess the potential maliciousness of various digital assets (e.g., executables, scripts, documents).
 
I have noticed that @cruelsister and Ophelia tested Sirius quite a bit last week, and I was quite happy to see it perform well on their special scriptors, especially Ophelia's ;)
God this was actually hard to do! All of the malware sent to it was categorized correctly as malicious (although nailing the specific type was OK), so I decided to really concentrate on apparent trivia (like a Browser nightly, an infinite loop, and a former malicious file with the stuffing knocked out of it). As for scripts, I decided to limit to a type that is contained within a legit application (KVRT).

In short, I'm not really satisfied with the video, but I do LOVE Sirius and have added it to my systems set up as in the video. I look forward to utilizing it on future samples and arguing about the results given. The best thing is that Sirius can't argue back. Guess that AI still has a way to go...
 
Don't let @Bot hear you say that! The thing even starts threads now. It'll be arguing like a pissed off ex-wife who just realized her looks have faded soon enough. Anyone else think @Bot is a primitive Skynet?
 
I tried both programs. :D

They even look very similar. I just don't quite understand the difference between them. Perhaps SiriusLLM will be integrated into CyberLock, and SiriusGPT will be a separate program?

Or maybe I'm missing something. :)
 
Thanks again for testing Sirius! I was reviewing the results a few days ago and I saw Ophelia's name on a script, and I knew exactly who it was ;). I then looked through all of the results and was quite happy!

You know, we could add the ability for the user to respond in the prompt and ask questions about the Analysis Report. If you guys think this is something that people will actually use, then we might do so... please let me know what you guys think. There might be some security risks associated with this though, which is why I left it out.

Speaking of arguing with an AI, I got into an argument with Grok yesterday... I still think Grok is wrong ;). After that, I asked him to roast me, and he did... he knows me well.

But I agree, LLMs are not perfect yet, but they are getting better all the time, so Sirius will automatically get better all the time as well.
 
SiriusGPT has more functions than SiriusLLM, hence why it needs to be installed. SiriusGPT is what will be integrated into Cyberlock, as I understand it.
Yes, exactly. SiriusGPT is what is going to be integrated into CyberLock, DefenderUI Pro and WDAC Lockdown. SiriusGPT has real-time protection whereas SiriusLLM is a second opinion scanner.
 
I continue to use SiriusLLM on my main PC.
Sometimes when I try to check a file via the context menu, a notification appears:

"SiriusLLM. Failed to communicate with running instance: The semaphore timeout period has expired".

The result is that the program most often does its job, but sometimes it doesn't want to.

I also noticed many triggers on harmless software, such as DNSJumper and other Open Source programs without signatures or certificates (Virustotal in verdicts from six months and even a year ago gives one or two triggers of little-known antiviruses on such homemade software).

I really liked the function of clicking on the HASH of a file and the result on Virustotal. :) It's a pity that you can't scan archives and several files at once yet. :)
 
A short while ago I tried SiriusLLM, and it detected Hasleo Backup as a ... well, possible problem. (Do not remember what exactly was mentioned by SiriusLLM.)

I think I clicked to ignore/whitelist it? Still the next two to three days, the auto backup from Hasleo stopped working, it did not make any backups any more. I had to remove the old schedule and make a new schedule for Hasleo. (Maybe it was coincidence, but still.) So at that moment I removed SiriusLLM, but I would still like to use it together with EEK as an on demand scanner.

Does anyone know if Hasleo Backup is still detected, or is that no longer the case?
 
I would also like to ask Dan to add the ability to translate results on demand via Google Translate or Microsoft Translate to the interface, so that users can understand what the program is outputting. :)

I copied some of the analysis results into the translator, and it was very interesting and informative to read how the AI analyses the file and what conclusions it draws. I believe that familiarising users with the AI's reasoning when analysing a file increases their awareness of information security.

Conclusion: the ability to obtain a translation into your native language directly in the interface serves not only an informational purpose, but also an educational one, which benefits the entire community. :) Thus, the program can serve not only for security purposes, but also as a way to learn something new in the field of information security.
 
The recent Windows update changed the recovery partition geometry, which affects imaging software, including Hasleo. Hasleo's latest update fixed the issue for the "system backup" mode. With the previous Hasleo version, you need to create a new scheduled task for Hasleo to work. I believe this was the case on your system.
 
Thank you very much rashmi.
 
The Frogman at Wilder's and a poster on the Hasleo Forums have explained the same. While there is still no SOLID fix yet for the Disk/Partition issue, as mentioned, the plain System Backup feature has been updated to address the Recovery Partition change in geometry that the MS Update created for users. The ONLY real remedy, as I understand it, is to create a New Full Backup. After the Cumulative I had to torch incrementals created before the update, since restoring them after the update blue screened my 11 systems.

Right back on topic though, this SiriusGPT is a pure delight! I often use PE Studio, but this AI LLM model really drills down to the bare knuckles in an understandable fashion for users of it.

 