WiseVector StopX V2.65

[harlan4096]

WiseVector StopX V2.65 June 7, 2020:

1. Improved Memory protection to detect malware by abusing whitelist applications, such as Powershell, msbuild.exe, installutil.exe, regasm.exe, etc. It can effectively detect advanced threats based on tools such as PowerShell Empire, GreateSCT, nps_payload, ObfuscatedEmpire, unicorn, etc. Since it detects malicious payload in memory, it can effectively detect obfuscated malicious scripts.

2. Instruction Tracer improved. Recently, we have observed lots of RAT Trojans utilizing DLL hijacking to avoid detction by AV. These Trojans abuse whitelist APPs like Avast & ESET as well as APPs which are released by Samsung, TeamViewer, Citrix to perform DLL Side-Loading. We updated Instruction Tracer to make sure they can be detected without needing signature updates.

3. Upgraded detection engine to improve accuracy.

4. Fixed the problem that Behavior Detection may fail to quarantine malware.

5. Improved detection of malicious RTF documents.

6. Fixed an uninstallation problem in Windows XP.

7. Fixed other bugs.

Release Notes: https://www.wisevector.com/en/en-history/
Download: https://www.wisevector.com/WiseVector_StopX.exe