WiseVector Free AI Driven Security
- Thread starter Thirio
- Start date
- Dec 14, 2018
- 643
Hi B.Richter,
Thanks for testing WiseVector. Currently WiseVector has file monitor and pre-execution blocker. We plan to add AI-Driven behavior detection in the next version.
For now WiseVector scanning files when they’re created, and before you open them. You said "SMSvcHost32.exe" was identified as
malware by WiseVector, so it should be blocked when you open it. I don't understand why it is running like nothing happened...
For "rad4F36F.tmp", Did WiseVector identify it as malware? (Right-click on the file, scan it with WiseVector).
Please make sure Tencent PC Manager did not block anything when installing WiseVector. The installer need to make some changes to the registry, if it was blocked by Tencent. The pre-execution monitor may not work.
Eason
WiseVector, inc.
Hello Eason,
thank you for the very fast reply
*Behavior Blocker - thanks for letting me know that this will be implemented soon, should be a great addition!
*SMSvcHost32.exe - yes, you can see the alert window bottom right, I clicked it seconds after (I'm not sure if WiseVector freezes execution of malware in the current release? It seems to wait for user input (quarantine), meanwhile, malware can execute and damage the system). That should be addressed. Tencent PC Manager autodecides (intercept and autoquarantine), the warning messages are information only.
Note that I did extract the archive, WiseVector began detecting malware, I confirmed every "SHIELD_DEAL" warning. Additionally, the malware folder was scanned by Custom Scan, before I began executing the leftover malwares. It did not detect the malware on Static scan.
*rad4F36F.tmp - I might recheck, but as far as I'm aware, these payloads (presumably .exe files) are signed with a valid certificate in order to bypass security products. Those scriptor droppers (here: aaa.js) drop multiple payloads, I think they're all the same malware. Usually, it's csrss.exe, a .jpg file and one of the rad's. Trying to find another sample today, maybe I can extract the .exe for analysis, I will provide if so.
It was dropped by the scriptor (aaa.js) and executed, it wasn't in the initial download folder so I couldn't scan it. As seen in the screenshots, it did perform multiple outbound connections (which remained after the attack, Shade Ransomware has RAT abilities as far as I know), and shortly after execution, the ransomware began encrypting the system.
*Tencent PC Manager - I have another computer not yet equipped with WiseVector. I will perform some tests on that one, just to make sure. It is equipped by Tencent PC Manager as well, but I will completely disable it during installation to make sure nothing is blocked.
- Dec 14, 2018
- 643
Hi B.Richter,
Before we go, you should download the English version of WiseVector at here: http://www.wisevector.com/WiseVector_Setup_EN.exe
We made it for testing purpose only . You need to first uninstall the previous version.
If WiseVector failed to freeze execution of malware. Below would be the possible reasons,
1. You didn't restart your computer after installing WiseVector.
2. Some other AV prevented WiseVector from making changes in registry.
After installing WiseVector, you should restart your computer to enable the Real-Time protection. Then open Process Hacker(If you don't have it, you can use Process Explorer instead). Double-click on "Explorer.exe", you should see two dlls belong to WiseVector have been loaded into explorer.exe.
See Screenshot below,
If you can't see these dlls, that means something goes wrong.
If all goes well, WiseVector should prevent malware from running. Like screenshot below,
For now WiseVector implements an AI technology to detect threats is Portable Executables (PE), PDFs, RTFs, and Office Documents. Not for scripts.
Eason
WiseVector
Before we go, you should download the English version of WiseVector at here: http://www.wisevector.com/WiseVector_Setup_EN.exe
We made it for testing purpose only
. You need to first uninstall the previous version.If WiseVector failed to freeze execution of malware. Below would be the possible reasons,
1. You didn't restart your computer after installing WiseVector.
2. Some other AV prevented WiseVector from making changes in registry.
After installing WiseVector, you should restart your computer to enable the Real-Time protection. Then open Process Hacker(If you don't have it, you can use Process Explorer instead). Double-click on "Explorer.exe", you should see two dlls belong to WiseVector have been loaded into explorer.exe.
See Screenshot below,
If you can't see these dlls, that means something goes wrong.
If all goes well, WiseVector should prevent malware from running. Like screenshot below,
For now WiseVector implements an AI technology to detect threats is Portable Executables (PE), PDFs, RTFs, and Office Documents. Not for scripts.
Eason
WiseVector
Hi @WiseVector
I have some questions for you
1. How can I submit Samples to you for analyze
2. Any Infos for the multilanguage Version of it
3. Will you add the Scan Engine to virustotal
With best Regards
Mops21
I have some questions for you
1. How can I submit Samples to you for analyze
2. Any Infos for the multilanguage Version of it
3. Will you add the Scan Engine to virustotal
With best Regards
Mops21
Good morning Eason,Hi B.Richter,
Before we go, you should download the English version of WiseVector at here: http://www.wisevector.com/WiseVector_Setup_EN.exe
We made it for testing purpose only
If WiseVector failed to freeze execution of malware. Below would be the possible reasons,
1. You didn't restart your computer after installing WiseVector.
2. Some other AV prevented WiseVector from making changes in registry.
After installing WiseVector, you should restart your computer to enable the Real-Time protection. Then open Process Hacker(If you don't have it, you can use Process Explorer instead). Double-click on "Explorer.exe", you should see two dlls belong to WiseVector have been loaded into explorer.exe.
See Screenshot below,
View attachment 203547
If you can't see these dlls, that means something goes wrong.
If all goes well, WiseVector should prevent malware from running. Like screenshot below,
View attachment 203548
For now WiseVector implements an AI technology to detect threats is Portable Executables (PE), PDFs, RTFs, and Office Documents. Not for scripts.
Eason
WiseVector
thank you for providing a English version so soon, looks good
Set it up now, uninstalled previous WV via RevoUninstaller.
Made sure to deactivate Tencent PC Manager Global.
WiseVector asked to reboot the system after installation, done.
One thing I've noticed the update process did not work when VPN was on (unfortunately, it's mandatory for Malware HUB testing - "needed to protect your real IP from malware processing "). This could be a reason for some detections missing?
However, with VPN on, the AI still was working for most files.
Tencent PC Manager works flawlessly with VPN.
I've found the .dll, and WiseVector is in AutoRuns, it should work well.
- Dec 14, 2018
- 643
Hi Der.Reisende,Good morning Eason,
thank you for providing a English version so soon, looks good
View attachment 203577
Set it up now, uninstalled previous WV via RevoUninstaller.
Made sure to deactivate Tencent PC Manager Global.
WiseVector asked to reboot the system after installation, done.
One thing I've noticed the update process did not work when VPN was on (unfortunately, it's mandatory for Malware HUB testing - "needed to protect your real IP from malware processing "). This could be a reason for some detections missing?
However, with VPN on, the AI still was working for most files.
Tencent PC Manager works flawlessly with VPN.
I've found the .dll, and WiseVector is in AutoRuns, it should work well.
View attachment 203576
When VPN is on, can you open our official website (https://www.wisevector.com/)?
According to the screenshot, WiseVector was not working, because there should be two DLLs, but you had only one.
If the secure boot(you can see it in your BIOS) is enabled, Explore.exe would not load WiseVector's DLLs. Because WiseVector uses Appinit_DLLs to load dlls. Yes, it's a problem, we will not use Appinit_DLLs in the next version of WiseVector.
Please read: AppInit DLLs and Secure Boot - Windows applications for more details about Secure Boot.
Wendy
WiseVector
- Dec 14, 2018
- 643
Hi Mops21,
Thank you for your interest in WiseVector.
1. Please submit samples by "Upload File" at the bottom of WiseVector.
2. Please download the English version at
Code:
http://www.wisevector.com/WiseVector_Setup_EN.exeBest regards,
Wendy
WiseVector
Hi @WiseVector
Thank you very much for your Infos
1. Will you release more languages as example German Version of it
2. When you add it to virustotal how can I submit samples to you
With best Regards
Mops21
Good evening Wendy!
Unfortunately, I cannot reach the page when VPN is on.
I’m using F-Secure FreeDome VPN.
F-Secure FREEDOME VPN — Schutz der Online-Privatsphäre
Can reach Tencent page, but it’s delayed. Cannot reach Rising homepage. It’s difficult to reach Chinese pages with VPN on.
Will check for Secure Boot ASAP, currently, I’m not at home, so I’m replying by mobile.
Thank you very much for your help, highly appreciated
- Dec 14, 2018
- 643
Good evening Wendy!
Unfortunately, I cannot reach the page when VPN is on.
I’m using F-Secure FreeDome VPN.
F-Secure FREEDOME VPN — Schutz der Online-Privatsphäre
Can reach Tencent page, but it’s delayed. Cannot reach Rising homepage. It’s difficult to reach Chinese pages with VPN on.
Will check for Secure Boot ASAP, currently, I’m not at home, so I’m replying by mobile.
Thank you very much for your help, highly appreciated
Hi Der.Reisende,
You are welcome, this is my job
Can you switch your VPN server's IP?
Our server is in Hongkong and it's out of the control of the Great Fire Wall, so I think the update process should goes well.
Best regards,
Wendy
WiseVector
- Dec 14, 2018
- 643
Hi Mops21,
You are welcome.
1.Yes we will, but now we only have Chinese and English version.
2.You can submit samples by "Upload File" at the bottom of WiseVector directly, no matter we add it to virustotal or not. I think it's more convenient and efficient.
Best regards,
Wendy
Wisevector
Hello Wendy,Hi Der.Reisende,
You are welcome, this is my job
Can you switch your VPN server's IP?
Our server is in Hongkong and it's out of the control of the Great Fire Wall, so I think the update process should goes well.
Best regards,
Wendy
WiseVector
had no time to check Secure Boot yet (will soon leave for Munich to see a concert), but I had time to check the VPN issue.
Now switched to Windscribe VPN (Free), I can confirm that the webpage can be opened flawlessly by HK server location.
Had to replace F-Secure FreeDome, my internet was unusable with their HK server (it did not open your page, and all others were super slow loading).
Thank you for your help, have a fantastic day
- Dec 14, 2018
- 643
Hi Der.Reisende,
Please see the red circle of the screenshot.
Sorry for this problem, it has been fixed, please update WiseVector, it will show correctly.
Have a nice day!
Wendy
WiseVector
Please see the red circle of the screenshot.
Sorry for this problem, it has been fixed, please update WiseVector, it will show correctly.
Have a nice day!
Wendy
WiseVector
- Apr 28, 2015
- 8,910
- Dec 14, 2018
- 643
Hi harlan4096,
Which OS are you running?
Please see the red circle of the screenshot. It looks bad...we want to know why.
Looking forward to your reply.
Thank you.
Wendy
WiseVector
Which OS are you running?
Please see the red circle of the screenshot. It looks bad...we want to know why.
Looking forward to your reply.
Thank you.
Wendy
WiseVector
- Apr 28, 2015
- 8,910
Yeah I know that's not looking so good, It's W10 Pro x64
Thanks Wendy!
Wouldn’t have noticed
You take the product very serious & offer great support, I like that a lot!
- Sep 3, 2017
- 825
Hi ,
I am impressed with your product. How ever i have few queries :
. I see a lot of Heur.PE detections sort of static signature based detections.
Normally heuristics come into action after execution ? or is that a default signature based detection (Known Signatures)
Thanks in Advance
Similar threads
