Xylent

Newest Project is here https://sourceforge.net/projects/xylent/

• A powerful antivirus built using Electron framework and python
• Download malware definations here: https://mega.nz/file/rgx2CRiD#98Sm_zex7ImsXhObf9bU1qJK6YIWVR6l0z582TuLx8U

Added Features

• Real Time System Watch
• Database based quering(md5, sha1, sha256, ssdeep and tlsh)
• Yara based pattern matching analysis
• Executable file signature and integrity analysis
• Quarantine Handler
• Startup Items Management
• Configurable Quick Settings
• Basic Scans -> Quick

Xylent Interface

Features Demonstration

Real Time Protection Demo:

• Xylent is capable of detecting and removing Malware
• Blocks drive by downloads
• Prevents malware replication
• Blocks malware on file opening,renaming as well as copying
• Detects newly opened files

Xylent.Antivirus.Realtime.Protection.Demo.mp4

Quarantine Management Demo:

• Objects detected are placed into a secure quarantine folder
• Xylent's UI provides a simple interface to restore or safely remove the files

Xylent.Antivirus.Quaratine.Management.mp4

Archive Auto Repair

• Automatically repair's archive containing malicious files
• Repairs infected files and keeps important data in the archive safe

Xylent.Antivirus.Archive.Auto.Repair.mp4

Startup monitor Demo:

• Xylent monitors startup items for potential malware
• Currently uses baseline unusual characters and patterns in processname of startup IOC's
• Enable/Disable startup items directly via Xylent's UI

Xylent.StartupMonitor_Demo.mp4

Expected Features/Coming Soon

• Intelligent/Smart cleaning
  • Cache cleaner -> temp,prefetch, Browser cache...
  • Automatically apply recommended OS settings
• File Insights: VirusTotal based quering,
• Web Insights: whois lookup for inbound/outbound urls, virustotal / McAfee siteadvisor
• Basic Scans --> Full,Custom,Memory based scans

Ambitious/Nice-To-Haves' Features

• Vulnerability Scanner [CVE lookup]
• MITRE ATT&CK report for threats
• In process interruption of malware execution
• [LINUX] ClamAV integration
• File entropy and ML based Heuristic
• AI based malicious pattern detection
• IDS/IPS & HIPS

Tech Stack:

• Python
  • Flask
  • yara
• ElectronJS
• ReactJS
• Webpack/babel

npm i

npm run watch

python engine.py

npm start

Architecture

• Flask backend: run using python engine.py
• Electron based frontend built on ReactJS
  • npm install to install dependencies
  • npm run watch to compile using webpack
  • Finally npm start to run the app

Target Environment

• Currently in development with main focus towards Windows x64 systems
• Requires Administrator privilages for certain features
• Extending capabilites towards Linux at a later stage

Acknowledgements and References

• Use signature base by Florian Roth under Detection Rules license for additional detection capabitiies. Place the yare rules in /backend/signature-base/yara/
• Custom simple "Dummy" yara rules - ruleA & ruleB to detect test malware( of type .docx and .pdf) designed specifically for Xylent Antivirus

Credits

• Thanks for the malware database at sha256_db.txt https://github.com/anic17/Batch-Antivirus