OmniDefender - New Antivirus Software 2025

Ok, I fixed the script; now it works properly. VirusTotal
This detection, too, looks an awful lot like a false positive. Ignore the Google engine. The Google engine detects malware in anything and everything. Not sure where Google deploys this engine (hopefully nowhere), or it’s just a playground for Google.

The rest: Bitdefender Falx could be a false positive; Ikarus and QuickHeal are not trusted.

I can’t analyse the file without having it, but it doesn’t establish any suspicious connections that would suggest it attempts to steal Moreish Network (some Nigerian mobile provider) credentials or anything.
 
I will post some zero-day PE executables, wait. I know the difference, but they are still malware. They are for different platforms which don't work on Windows.
I'm not interested in your tests anymore; they've lost value. If you're going to test anything with your unknown methods, do it on other antiviruses to provide insight, record them all and show all of your scripts.
 
I looked at the APK executable. It doesn't seem like malware, but it behaves like Lockpin because it locks the phone via PIN when you register.
 
I didn’t see anything like that in the behavioural reports, but I have the file now anyway.

Also, for 0-day exploits, you need to look elsewhere, not in APKs. These APKs require sideloading/social engineering. Not an exploit.
 
I looked at the APK executable. It doesn't seem like malware, but it behaves like Lockpin because it locks the phone via PIN when you register.
You say this APK “behaves like Lockpin,” but you haven’t shown its AndroidManifest.xml or any evidence at all: does it declare a DeviceAdminReceiver or use the REQUEST_PASSWORD_CHANGE API? Your "trust me, it's malware" claims are baseless. And you haven't answered my question. What are your qualifications in this field?
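The evidence the reply above asks for can be checked mechanically once the APK has been decoded. The script below is an added example for this thread, not code from any poster or from any product named here. It assumes the AndroidManifest.xml and the device-admin policy file (res/xml/device_admin.xml) have already been extracted and decoded (for instance with apktool); both XML documents embedded in it are constructed for the demonstration, not taken from the sample under discussion. It reports whether a receiver is registered as a device administrator (BIND_DEVICE_ADMIN, the DEVICE_ADMIN_ENABLED action, the android.app.device_admin metadata) and whether the policy file requests the force-lock or reset-password policies that a screen-locking app would need.

```python
"""Device-admin triage of a decoded AndroidManifest.xml and device_admin policy file.

Added example for this thread, not code from any poster or product named in it.
Assumes the XML has already been decoded from the APK (e.g. with apktool).
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"   # android: attribute namespace

BIND_DEVICE_ADMIN = "android.permission.BIND_DEVICE_ADMIN"
DEVICE_ADMIN_ENABLED = "android.app.action.DEVICE_ADMIN_ENABLED"
DEVICE_ADMIN_META = "android.app.device_admin"
OVERLAY_PERMISSION = "android.permission.SYSTEM_ALERT_WINDOW"
# Device-admin policies a screen-locking app relies on.
LOCK_POLICIES = {"force-lock", "reset-password"}

# Constructed sample manifest (not taken from any real APK).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
    <application android:label="Demo">
        <receiver android:name=".AdminReceiver"
            android:permission="android.permission.BIND_DEVICE_ADMIN">
            <meta-data android:name="android.app.device_admin"
                android:resource="@xml/device_admin"/>
            <intent-filter>
                <action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/>
            </intent-filter>
        </receiver>
        <activity android:name=".MainActivity">
            <intent-filter>
                <action android:name="android.intent.action.MAIN"/>
                <category android:name="android.intent.category.LAUNCHER"/>
            </intent-filter>
        </activity>
    </application>
</manifest>
"""

# Constructed sample res/xml/device_admin.xml referenced by the receiver above.
SAMPLE_POLICY = """<device-admin xmlns:android="http://schemas.android.com/apk/res/android">
    <uses-policies>
        <force-lock />
        <reset-password />
    </uses-policies>
</device-admin>
"""


def attr(elem, name):
    """Read an android:-namespaced attribute from a manifest element."""
    return elem.get(ANDROID_NS + name)


def analyse_manifest(xml_text):
    """Return the permissions and any device-admin receivers declared in the manifest."""
    root = ET.fromstring(xml_text)
    permissions = sorted(attr(e, "name") for e in root.iter("uses-permission"))
    admin_receivers = []
    for recv in root.iter("receiver"):
        actions = {attr(a, "name") for a in recv.iter("action")}
        metadata = {attr(m, "name") for m in recv.iter("meta-data")}
        record = {
            "name": attr(recv, "name"),
            "bind_permission": attr(recv, "permission") == BIND_DEVICE_ADMIN,
            "enabled_action": DEVICE_ADMIN_ENABLED in actions,
            "policy_metadata": DEVICE_ADMIN_META in metadata,
        }
        # Any one of the three markers is enough to flag the receiver for review.
        if record["bind_permission"] or record["enabled_action"] or record["policy_metadata"]:
            admin_receivers.append(record)
    return {
        "package": root.get("package"),
        "permissions": permissions,
        "overlay_permission": OVERLAY_PERMISSION in permissions,
        "device_admin_receivers": admin_receivers,
    }


def analyse_policy(xml_text):
    """Return the device-admin policies requested in a device_admin.xml file."""
    root = ET.fromstring(xml_text)
    return sorted(child.tag for block in root.iter("uses-policies") for child in block)


def lock_capable(manifest_xml, policy_xml):
    """True when the app registers a device admin AND asks for a lock-related policy."""
    manifest = analyse_manifest(manifest_xml)
    policies = set(analyse_policy(policy_xml))
    return bool(manifest["device_admin_receivers"]) and bool(policies & LOCK_POLICIES)


if __name__ == "__main__":
    print(analyse_manifest(SAMPLE_MANIFEST))
    print(analyse_policy(SAMPLE_POLICY))
    print("lock-capable:", lock_capable(SAMPLE_MANIFEST, SAMPLE_POLICY))
```

A positive result here is only evidence of capability: legitimate parental-control or MDM apps declare the same receiver and policies, so the output belongs in a written report next to the behavioural findings rather than being treated as a verdict on its own.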
 
Whilst it’s true that looking at the low-VT files sometimes reveals a new world (for example, I discovered and reported the first RAT based on JPHP), all these files reported so far have low to no detection because they are not malicious. Whilst they are certainly APKs of questionable origin (the real apps are on Google Play), there is no suspicious behaviour.

The document sample, that’s just Excel behaviour; that’s why these sandboxes are not deployed in production: they just report and raise alarms but don’t understand the context.

Behavioural monitoring deployed on production environments is very different.
 
Agreed. If tangible proof of an unknown, new sample's maliciousness is provided, whether through static analysis (metadata, features, reverse engineering, for example) or dynamic analysis (file, registry, memory, network activity...), and the analyst documents its behaviour and classification, we'd acknowledge and thank the analyst who discovered the new threat and populate it to existing threat intelligence feeds. The main issue is @XylentAntivirus is doing none of those things, not even one.
 
I didn’t see anything like that in the behavioural reports, but I have the file now anyway.

Also, for 0-day exploits, you need to look elsewhere, not in APKs. These APKs require sideloading/social engineering. Not an exploit.
Zero-day malware also means a fresh sample, but I don't think this APK is malware anymore; it needs deeper analysis.
 
But you are developing a solution for Windows at the moment; from the point of view of your solution, this is not even a latent threat — it doesn’t affect Windows at all.

So why don’t you laser-focus on Windows malware? Look at exe, msi (a very common vector, often not so well covered), scripts (js, vbs, vbe, ps1, bat), Java files (also usually poor coverage) and so on.
 
Yeah, you are right. I should focus on .js, .vbs, .vbe, .ps1, .bat, .java, .py, .hta etc. But for now I will test against fairly well-known 53k PE-only file samples (most antiviruses miss at most 6 samples).
 
Are you testing Hydra Dragon Antivirus?
 
@OsirisXD

Prove your qualification too, to the world, if you want to be a legitimate merchant.

Show us your last report from your graduate school, because a developer is not a security developer.

Those are different domains in terms of compliance.
Hello,

I am very interested in testing your security solution.

Can you please help me download and install your security product so I can test it and write a review?

I’m looking everywhere but can’t find it?

Please assist with a link.

Regards,
 
I improved my module myself. It checks every PE file's information and it works, well, somehow. The test will be started a few minutes later.
I see, but are you using something like a random forest, potentially gradient-boosted, which could be GPU-optimised; you could have converted malware to a visual representation; it could be on raw bytes. Could be neural networks and so on.

That’s why I’m asking.

You see, in the OmniDefender case we found out it’s LightGBM. So it’s gradient-boosted decision trees.
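Whatever the model is (LightGBM, a random forest, a network over raw bytes), a header-feature classifier like the one discussed above needs a feature-extraction stage in front of it. The script below is an added example for this thread, not code from OmniDefender, Hydra Dragon or any poster. It reads the PE headers with the standard struct module only (no pefile dependency) and derives the kind of indicators such a model consumes: entry-point section, writable+executable sections, per-section entropy, non-standard section names, and the ASLR/DEP flags. The PE image it runs on is constructed by build_sample_pe() and is not a real program; it is shaped to look like a packed binary (entry point in a high-entropy W+X section, no ASLR/DEP) so the indicators fire.

```python
"""Static PE header feature extraction of the kind a file classifier consumes.

Added example for this thread, not code from OmniDefender or any poster.
Parses headers with struct only; the sample image is constructed, not a real program.
"""
import math
import struct
from collections import Counter

IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
DLLCHAR_DYNAMIC_BASE = 0x0040   # ASLR-compatible
DLLCHAR_NX_COMPAT = 0x0100      # DEP-compatible
STANDARD_SECTIONS = {".text", ".data", ".rdata", ".rsrc", ".reloc",
                     ".idata", ".edata", ".pdata", ".bss", ".tls"}
HIGH_ENTROPY = 7.0              # bits per byte; packed/encrypted data sits near 8


def entropy(blob):
    """Shannon entropy of a byte string in bits per byte."""
    if not blob:
        return 0.0
    n = len(blob)
    return -sum(c / n * math.log2(c / n) for c in Counter(blob).values())


def build_sample_pe():
    """Construct a minimal PE32 image with a low-entropy .text and a W+X packed section."""
    text_data = b"\x90" * 0x180 + b"\xc3" + b"\x00" * 0x7F     # 0x200 bytes, low entropy
    packed_data = bytes(range(256)) * 2                         # 0x200 bytes, entropy 8.0
    entry = 0x2010                                              # RVA inside the packed section
    sections = [  # (name, virtual address, raw file offset, raw data, flags)
        (b".text", 0x1000, 0x200, text_data, IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
        (b"xyz", 0x2000, 0x400, packed_data,
         IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
    ]
    # COFF header: i386, 2 sections, timestamp, no symbols, 224-byte optional header, EXE|32BIT
    coff = struct.pack("<HHIIIHH", 0x014C, len(sections), 0x5F000000, 0, 0, 224, 0x0102)
    opt = struct.pack("<HBB9I6H4I2H6I",
                      0x10B, 14, 0,                      # PE32 magic, linker version
                      0x200, 0x200, 0,                   # code / initialised / uninitialised sizes
                      entry, 0x1000, 0x2000,             # entry point, BaseOfCode, BaseOfData
                      0x400000, 0x1000, 0x200,           # ImageBase, section / file alignment
                      6, 0, 0, 0, 6, 0,                  # OS, image, subsystem versions
                      0, 0x3000, 0x200, 0,               # Win32 version, SizeOfImage, headers, checksum
                      2, 0,                              # GUI subsystem, DllCharacteristics = none
                      0x100000, 0x1000, 0x100000, 0x1000, 0, 16)   # stack, heap, flags, dir count
    data_dirs = b"\0" * 128                               # 16 empty data directories
    sec_hdrs = b"".join(
        struct.pack("<8sIIIIIIHHI", name, len(raw), vaddr, len(raw), ptr, 0, 0, 0, 0, flags)
        for name, vaddr, ptr, raw, flags in sections)
    headers = (b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)   # DOS header, e_lfanew = 0x40
               + b"PE\0\0" + coff + opt + data_dirs + sec_hdrs)
    return headers.ljust(0x200, b"\0") + text_data + packed_data


def pe_features(data):
    """Extract header-level features from a PE image held in memory."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    machine, nsec, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic 0x%x" % magic)
    entry = struct.unpack_from("<I", data, opt + 16)[0]
    subsystem, dllchar = struct.unpack_from("<HH", data, opt + 68)   # same offsets for PE32/PE32+
    sections = []
    for i in range(nsec):
        name, vsize, vaddr, rawsize, rawptr, _, _, _, _, flags = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        raw = data[rawptr:rawptr + rawsize]
        sections.append({
            "name": name.rstrip(b"\0").decode("latin-1"),
            "vaddr": vaddr, "vsize": max(vsize, rawsize),
            "entropy": round(entropy(raw), 3),
            "wx": bool(flags & IMAGE_SCN_MEM_WRITE) and bool(flags & IMAGE_SCN_MEM_EXECUTE),
        })
    entry_sec = next((s for s in sections if s["vaddr"] <= entry < s["vaddr"] + s["vsize"]), None)
    return {
        "machine": machine, "is_64bit": magic == 0x20B, "timestamp": timestamp,
        "number_of_sections": nsec, "subsystem": subsystem,
        "aslr": bool(dllchar & DLLCHAR_DYNAMIC_BASE), "nx": bool(dllchar & DLLCHAR_NX_COMPAT),
        "entry_section": entry_sec["name"] if entry_sec else None,
        "entry_in_wx_section": bool(entry_sec and entry_sec["wx"]),
        "wx_sections": [s["name"] for s in sections if s["wx"]],
        "high_entropy_sections": [s["name"] for s in sections if s["entropy"] > HIGH_ENTROPY],
        "nonstandard_section_names": [s["name"] for s in sections if s["name"] not in STANDARD_SECTIONS],
        "sections": sections,
    }


def risk_indicators(features):
    """Turn the raw features into the human-readable flags a report would list."""
    flags = []
    if features["entry_section"] is None:
        flags.append("entry point outside every section")
    if features["entry_in_wx_section"]:
        flags.append("entry point in a writable+executable section")
    if features["high_entropy_sections"]:
        flags.append("high-entropy sections: " + ", ".join(features["high_entropy_sections"]))
    if features["nonstandard_section_names"]:
        flags.append("non-standard section names: " + ", ".join(features["nonstandard_section_names"]))
    if not features["aslr"] or not features["nx"]:
        flags.append("built without ASLR/DEP compatibility")
    return flags


if __name__ == "__main__":
    feats = pe_features(build_sample_pe())
    for line in risk_indicators(feats):
        print("-", line)
```

None of these indicators is a verdict on its own (plenty of legitimate installers are packed and old toolchains omit the ASLR/DEP flags), which is exactly why they are fed to a model as features rather than used as rules; the value of a test corpus lies in showing how the model weighs them, not in the count of samples alone.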
 
I tested with a serious test; it blocks too, later on, but that's too late. The malware cooked the system yet again. It detects stuff, but it's too late.