Behide system of Hunaman Analysis tools divied 2 types are run core process from the server mode calling. Core process mananges scan malware from signature based scanning. Server mode received multiple message which controlled by scanning multithread. It’s method work on concurrency thread when client send message over network to server to deeply scan detail of virus. Main core is fast scanning uses multithread of multicore and parallel of OpenCL technology. That technology improved performance access to detected malware on concurrency and parallel scanning techniques. After program was detected malware completed. Result send back to client which server/client communicates using SSL and AES-128. Type of communicates secure channels separate 2 method.
First step, Client establishment connection to the server mode in orderto register user in system. This step client will certify certificate which it certificate sign by ReverseFall team. After program signs certificate completed. Server mode send key and initiailization vector(IV) of AES-128 bit to client and fall back to AES-128 encryption/decryption messages communicate between Server/Client. Switching mode help to reduce work load of cryptography method of SSL. Second step, After exchanged key and IV from server was completed. Client send data in crypto mode to server. Server recived message and decrypts message and start scan malware process. Third step, Server scan malware completed. Message scan malware send back to client and close communications.
Processes of AES will random key and IV on server send to client requests malware scanning, if client connect to server in first time of date. In afterwards, Server has processes to check and invoke key & IV of client that randomed and store on memory of Atomic hash map. Memory contains UUID & IP of client. If client connect in next time, Server would check informaction of memory to decrypts message received from client.
Additional in system, Server setting timeout then found connection timeout between Server/client in processes operate. It close connect from client and wait new connection from another client.
19 January 2015