How to tell if you're getting hacked: File Visualizer

Science and technology

This video showcases File Visualizer, a tool that can show you visually what's inside any file. How KZreadrs get hacked, a real example of the infostealer campaigns I get hit by: • How to not get hacked:... . This video covers comparing different files using binvis.io. Introduce yourself on Discord: / discord
Buy the best antivirus: thepcsecuritychannel.com/best...
Join the discussion on Discord: discord.tpsc.tech/
Get your business endpoints tested by us: tpsc.tech/
Contact us for business: thepcsecuritychannel.com/contact

Comments: 102

  • @Philafxs
    8 months ago

    "Impossible" is a bit of a tricky claim, for there also is some malware out there that is packed alongside actual software, essentially using that as its padding. I don't see how a visualizer would be able to show the difference. But it's a great and interesting tool otherwise!

  • @knowwhatimeme
    8 months ago

    Just another way of telling somebody it's just a false positive lol.

  • @pcsecuritychannel
    8 months ago

    Yeah but they would be a different case than a file pretending to be a contract as here. Of course it is much harder if you are expecting a similar exe anyway. You need to actually RE and analyse each function for that.

  • @larry-kapo-ya7326
    8 months ago

    AI can be helpful with it

  • @ianthehunter3532
    8 months ago

    @larry-kapo-ya7326 fr how have they not done that with AI yet

  • @TomerGamerTV
    8 months ago

    @larry-kapo-ya7326 I'm pretty sure AI is already running in some antiviruses

  • @rekire___
    8 months ago

    perhaps the best antivirus is the common sense we made along the way

  • @ad1340yt
    8 months ago

    umm actually the best antivirus is kaspersky

  • @klebleonard
    8 months ago

    @ad1340yt kaspersky won't help you if you lack common sense

  • @Philafxs
    8 months ago

    @ad1340yt Kaspersky vs Common Sense 2023 might well be equal when it comes to blocking malware and ransomware samples. But we won't know until Leo shows us the results.

  • @MikaelKKarlsson
    8 months ago

    The "common sense" of today is just tomorrow's attack vector. It's not enough.

  • @Asderman
    8 months ago

    @ad1340yt is it? I'm not sure if it's Kaspersky or Bitdefender or something else

  • @wolf1438
    8 months ago

    I remember the beginning of this channel. At that time, with your internet, you would not have been capable of analyzing a 700 MB file in real time.

  • @itenthusiast5988
    8 months ago

    @4:00 comes the show stealer. Never heard about binvis before. Thanks 🙏 for the mention & also thank you for the ❤️ and pinned comment I got from you last time. You make cybersecurity easy and interesting. If I had a boss like you in my previous company I wouldn't have left that office. Your videos are keeping my hopes alive to cling on to this field and contribute for the greater humanity. Love 💕 you 🎉

  • @Baerchenization
    8 months ago

    There is another free tool called common sense. If you need to break out the forensics to determine that a 700 MB file is not an A4 page business proposition that would be 24 KB, oh well ....

  • @3TDEV01
    8 months ago

    Amazing, thank you Leo. 👍

  • @CODE_ROOM
    8 months ago

    Very good tutorial ❤

  • @andyspark5192
    8 months ago

    It's a perfect job for an A.I. malware scanner. Teach it what clean files look like and what sketchy files look like. And let it scan the web.

  • @duplicake4054
    8 months ago

    That wouldn't work very well because you could just pad the file with random bytes and it wouldn't be able to detect it.

  • @adviththegreat5610
    8 months ago

    @duplicake4054 Hey, if companies start releasing visualizers for their software, it would be so great for people who pirate them lol.

  • @edmunns8825
    8 months ago

    That is a brilliant idea!

  • @mattgsm
    8 months ago

    Can you make a playlist on your channel for this series of videos?

  • @glendubie
    7 months ago

    Great tutorial, thanks.

  • @Aptery
    8 months ago

    Love your videos, they gave me a lot of insight. Also, if it's not too much trouble, could you make a video on how to fix Windows updates not installing after debloat? I really don't want to reset Windows.

  • @lf1977
    8 months ago

    ❤ good advice.

  • @pwhittak88
    8 months ago

    Advice

  • @lf1977
    8 months ago

    @pwhittak88 thanks.

  • @guilherme5094
    8 months ago

    Really nice 👍!

  • @oggeeygring0194
    8 months ago

    Great watch

  • @maddyaurora
    8 months ago

    Uploading a big file to a website is bothersome and time consuming. Any offline local version of this binary visualizer?

  • @Dahlah.FightMe
    8 months ago

    Nice Sir :D

  • @Blitterbug
    8 months ago

    Is it just me or have you not done the absolute basics by enabling file extensions on the view menu? afaik, an .exe masquerading as a .PDF will still clearly end in .exe. That's normally more than enough to spot this crap.

  • @sutsuj6437
    8 months ago

    This makes me wonder if you could train an AI on these visualisations to detect these kinds of hiding strategies. So like a very basic classification conv net.

  • @realmimak
    8 months ago

    you could, but the model could as well be used to develop an obfuscation layer to make malware's visualization look legit

  • @malwaretestingfan
    8 months ago

    There's a paper on this method ("Binary File's Visualization and Entropy Features Analysis Combined with Multiple Deep Learning Networks for Malware Classification") by Guo et al. which consists of training a CNN against samples of malware both visualized using this method (as you proposed) and with their entropy sequence visualized in grayscale, with a 99% accuracy and with a capability to "group" easily malware from the same families, indeed very effective.

  • @aleks_ivanov
    8 months ago

    @malwaretestingfan Are there any antivirus software that detect malware with this method, or was this done only for research purposes?

  • @malwaretestingfan
    8 months ago

    @aleks_ivanov Research, but I suppose most AV companies use AI methodology on the cloud bundled together with their product.

  • @YourBoyRaze
    8 months ago

    Amazing

  • @false_positive
    8 months ago

    bookmarked the tool.

  • @AlyssaMcNeil
    8 months ago

    Dumb question but why not just fill the blank space with random data to make it appear like there's something there? I don't really think the file visualizer would be of any use against that method...

  • @taureon_
    8 months ago

    Viruses like to be small when you download them but huge when you unzip them: small so it doesn't take forever to download, but afterwards huge so antiviruses don't scan them because they're that huge.

  • @Philafxs
    8 months ago

    Beat me to it. But this actually already happens in certain cases, with some malware coming alongside actual software and basically using that as its padding. Random data would do too but why go out of the way? However, scammers can get it out there and target more people faster by putting in as little effort as possible.

  • @2wr633
    8 months ago

    Because bytes actually have meaning, so it would be some kind of instructions or data if you don't use a blank byte, and if you were to put random data or instructions in it, there is a big chance the program will break and won't execute, which makes it much more complex than just filling it with blank bytes.

  • @taureon_
    8 months ago

    @2wr633 you can make your exe skip that though, or not?

  • @AlyssaMcNeil
    8 months ago

    @2wr633 Yes and no; bytes have a meaning, yes, but that's for a machine. A person cannot tell if a scramble of bytes in a 600 MB file is an actual data structure or just a mess of randomness. Not to mention that when I said "randomness" I didn't mean pure randomness, I meant something that resembles a program structure but doesn't hold any significant function / purpose.

  • @noviccen388
    8 months ago

    4:09 I think the malware creator is a little bit dumb. They should have added random non-ASCII binaries to the rest of the file instead of blank padding. Random binaries that do nothing, like assigning values to memory, or just loops or functions that do nothing but can fill up the rest of the space.

  • @sayonara3805
    8 months ago

    If in a legit .exe file there is a lot of empty space, then what will happen if we remove it? Will it still work with decreased size since we are just removing empty space?

  • @girl4632
    8 months ago

    Won't anything manipulated with the file type be something we can know about from checking the properties normally?

  • @ManishGupta-gv4kk
    8 months ago

    We are looking for more antivirus tests.

  • @alfblack2
    8 months ago

    Nice tool. Wish there was also an offline version.

  • @leandrolaporta2196
    8 months ago

    Awesome tool, is there any offline version of this? (portable would be even better)

  • @duplicake4054
    8 months ago

    Just use data from a legit file instead of 0s to make it look like a real file

  • @tigreonice2339
    8 months ago

    Could you try famous PDF websites and analyze their files?

  • @nex7053
    8 months ago

    I am using binwalk with recursive search.

  • @FuzeTheWholeTeam
    8 months ago

    very nice

  • @wfthkttn
    8 months ago

    Next time they will chuck WinRAR duplicates in instead of zero spacing so it looks different :/

  • @mstech-gamingandmore1827
    8 months ago

    I don't really understand. Why not look at the extension (.scr) or the first two bytes (MZ) to find out if it's a real pdf or an executable?

  • @ianthehunter3532
    8 months ago

    @fffUUUUUU or boomers

  • @manticore4952
    8 months ago

    Extensions are not a reliable way of determining; the first two bytes are reliable, but attackers can also embed files further down or call them externally. A more reliable way is to look at the system calls the file makes.

  • @mstech-gamingandmore1827
    8 months ago

    @manticore4952 I mean, if we are checking if a file contains ANY executable code at all, then sure, yeah. They could remove the magic number or obfuscate it in any way they like. But we aren't talking about that. We are talking about whether a file is safe to open or not. And you know what? 9/10 if it isn't an executable it's safe to open. If you are certain that the real extension is .pdf, then it is perfectly safe to open (unless a new exploit arose, but I doubt that).
  • @thepro08
    8 months ago

    I have very suspicious behaviour on my mobile. How can I tell if I'm hacked and what can I do?

  • @BloodyMobile
    8 months ago

    Are there ANY real cases where a 600 MB PDF is NOT fake? Unless you're abusing it as a "zip" for BMPs, how would you get a "real" PDF that large?

  • @1p2k-223
    8 months ago

    You could scan images.. there was a 750 page book 📚 that was 500MB or so, but scanned as a colour image

  • @riperroxd7664
    7 months ago

    So the more blackness there is the more suspicious the file is?

  • @greensheen8759
    8 months ago

    whoa binvis would be great for reverse engineering

  • @Martin-ot7xj
    5 months ago

    Hi there. Please make a tutorial video about "Tron Script" to remove viruses from Windows computers. Thank you

  • @laughingvampire7555
    8 months ago

    so, they can pad it with pdf files

  • @nemtudom5074
    7 months ago

    Wouldn't encryption just garble it into random nonsense visually?

  • @myclips-vw7hl
    8 months ago

    I got hacked by a trojan on a Windows 10 PC. It is a rootkit, because it infected the bootable USB, it seems. Can it be cleaned by a cloud download of Windows 10?

  • @1p2k-223
    8 months ago

    Possibly, though get a gparted USB and wipe the drive first (after backing up files to OneDrive, etc)

  • @Kostea92
    8 months ago

    Why not copy-paste the same malware code for 650 MB to make it look legit in the whole file instead of empty bits? Is this possible?

  • @stealthzi7465
    8 months ago

    couldn't they just get around this by putting the rest of it as a shakespeare play??

  • @omuleanu
    8 months ago

    what happens when you open the bad pdf? is chrome (pdf reader) vulnerable?

  • @1p2k-223
    8 months ago

    It will error out ... As it is an exe or scr file in disguise

  • @omuleanu
    8 months ago

    @1p2k-223 yes, but it won't execute, so the system won't get infected

  • @kopuz.co.uk.
    8 months ago

    Good idea for a static analysis tool to go with a byte entropy graph

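Two checks come up repeatedly in this thread: looking at the first bytes of a file rather than its extension (the "MZ" comment above), and looking at how much of a suspiciously large file is just zero padding, which is what a binary visualizer shows as empty space and what a byte entropy graph would show as flat. The script below is an added example that implements both as a static triage step; it is not binvis.io's code and not the channel's own tooling. The magic-byte signatures are the well-known ones for PDF, PE, ZIP and PNG; the block size and the padding thresholds are assumptions chosen for the example, and the two sample files are constructed in memory, not real samples.

```python
"""Added example: static triage of a suspicious download.

  1. compare the extension a file claims with its leading magic bytes
     (a ".pdf" that starts with "MZ" is a Windows executable in disguise);
  2. profile the file block by block for zero padding and byte entropy,
     the same information a binary visualizer shows as colour.
"""
import math
from collections import Counter
from typing import Dict, List, Optional, Tuple

# Well-known magic bytes; the key is the extension such a file would normally carry.
MAGIC: Dict[str, Tuple[bytes, ...]] = {
    "pdf": (b"%PDF",),
    "exe": (b"MZ",),          # every PE image (.exe/.scr/.dll) starts with MZ
    "zip": (b"PK\x03\x04",),
    "png": (b"\x89PNG",),
}
PE_EXTENSIONS = ("exe", "scr", "dll")


def sniff_type(data: bytes) -> Optional[str]:
    """Return the type implied by the leading bytes, or None if unknown."""
    for name, sigs in MAGIC.items():
        if any(data.startswith(sig) for sig in sigs):
            return name
    return None


def claimed_extension(filename: str) -> str:
    """Lower-cased final extension, so 'contract.pdf.scr' claims 'scr'."""
    return filename.rsplit(".", 1)[-1].lower() if "." in filename else ""


def extension_mismatch(filename: str, data: bytes) -> bool:
    """True when the extension and the magic bytes disagree about the format."""
    ext, sniffed = claimed_extension(filename), sniff_type(data)
    if sniffed is None:
        return False               # unknown format: magic alone cannot judge it
    if sniffed == "exe":
        return ext not in PE_EXTENSIONS
    return ext != sniffed


def shannon_entropy(chunk: bytes) -> float:
    """Bits per byte: 0.0 for a run of one value, 8.0 for uniformly mixed bytes."""
    if not chunk:
        return 0.0
    n = len(chunk)
    return -sum(c / n * math.log2(c / n) for c in Counter(chunk).values())


def block_profile(data: bytes, block: int = 4096) -> List[Tuple[int, float, float]]:
    """Per-block (offset, entropy, fraction of zero bytes), one row per visualizer stripe."""
    rows = []
    for off in range(0, len(data), block):
        chunk = data[off:off + block]
        rows.append((off, shannon_entropy(chunk), chunk.count(0) / len(chunk)))
    return rows


def triage(filename: str, data: bytes, block: int = 4096,
           zero_block_threshold: float = 0.99,      # assumed: a block is "padding" if >=99% zeros
           padded_ratio_threshold: float = 0.5) -> dict:  # assumed: flag if >=50% of blocks are padding
    """Collect the findings a defender would want before deciding to open the file."""
    rows = block_profile(data, block)
    zero_blocks = sum(1 for _, _, z in rows if z >= zero_block_threshold)
    zero_ratio = zero_blocks / len(rows) if rows else 0.0
    findings = []
    if extension_mismatch(filename, data):
        findings.append(f"extension .{claimed_extension(filename)} but magic says {sniff_type(data)}")
    if zero_ratio >= padded_ratio_threshold:
        findings.append(f"{zero_ratio:.0%} of blocks are zero padding (inflated file)")
    return {
        "claimed_ext": claimed_extension(filename),
        "sniffed": sniff_type(data),
        "mismatch": extension_mismatch(filename, data),
        "zero_ratio": zero_ratio,
        "max_entropy": max((e for _, e, _ in rows), default=0.0),
        "findings": findings,
    }


# Constructed samples (not real files): a PE-style stub followed by 64 KiB of
# zero padding, and a small PDF-like file with varied content and no padding.
FAKE_PDF = b"MZ" + bytes(range(256)) * 4 + b"\x00" * (64 * 1024)
REAL_PDF = b"%PDF-1.4\n" + bytes((i * 37 + 11) % 256 for i in range(4096)) + b"\n%%EOF\n"

if __name__ == "__main__":
    for name, blob in (("proposal.pdf", FAKE_PDF), ("proposal.pdf", REAL_PDF)):
        result = triage(name, blob)
        print(name, len(blob), "bytes ->", result["findings"] or ["no findings"])
```

On a real download you would read the file with `open(path, "rb").read()` and pass it to `triage`; the `zero_ratio` and per-block entropy are exactly what an image of the file makes visible, while the extension-versus-magic check answers the "just look at the first two bytes" suggestion without trusting the name Explorer shows.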
  • @arko3822
    5 months ago

    it hangs on large rar files

  • @Crazy--Clown
    8 months ago

    Your voice sounds a bit different

  • @loupasternak
    8 months ago

    annoying really

  • @cihansenatak1090
    8 months ago

    Last year, with this method, they tried to hack a famous Turkish YouTuber.

  • @RickMyBalls
    8 months ago

    'how any file looks like'? English your 2nd language?

  • @gregwessels7205
    8 months ago

    Yes, I'm guessing technology is Leo's 1st language now.

  • @ianthehunter3532
    8 months ago

    what's wrong

  • @mandamiddle0278
    6 months ago

    I have 9 years of mod experience on Twitch, are you interested? But I can't do this as a hobby.

  • @BayuHendra-qe7kg
    8 months ago

    Permision me only gablesyou🎉🎉
