www.av-sdk.com

The above link directs to a site that claims to sell an av sdk, that uses only heuristics to get the best detection in the industry. This really seems weird. Any ideas?

I did a preliminary analysis of the software sometime back.

The main GUI is permanently disabled with the date set some years back. And that is just a string in the disassembly. Further, the gui actually calls another dll called mvm.dll or so and the dll has a few valid exports. But the gui actually never calls anything. And the software is a trial sdk version or something. Its quite weird and seems more like a joke site.

GUI has code, which loads 'mvm.dll' & resolves ordinals. also there is code to call those resolved ordinals.

Yeah, so does the software actually run ? There can be all sorts of compiled useless code but I dont think the trial version date is reset or that the software actually works. Like 2 MB consisting of a PE parser, Heuristic engine, sandbox and dynamic engine. If it does not work in the first place, any point in doing a dead listing?
What I meant was regarding the ordinals is that the code itself is redundant, never mind the call instructions to dll ordinals.

Would be great if you could do some corroboration on the effectiveness of the tool.

fake

Thanks for that Indy. The price tags are pretty awesome as well. Its Russian ostensibly. They have this site up for quite a long time. I don't know who really buys this stuff....

There is another av product called Twister AV. Its not really well known (VirusTotal etc) but there seems to be a dubious web presence here and there.

Better than MSE/VBA you will not find anything. But they also useless..