Windows-based implementation of several anti-vm techniques used in malware development.

Print3M/Anti-VM

Anti-VM techniques

Basic implementation of several anti-VM techniques (Windows) for educational purposes. They check different parts of the OS and hardware to determine whether the script is running in a VM.

Implemented techniques

  • CPU hypervisor bit (CPUID)
  • CPU id string (CPUID)
  • CPU brand string (CPUID)
  • BIOS manufacturer string
  • BIOS version string
  • Screen resolution
  • Amount of physical memory
  • Number of CPU cores
  • Amount of disk space
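
From the analyst's side, the same checks can be turned into an audit of a sandbox guest. The following is an added example, not code from this repository: it takes a constructed guest profile and reports which of the implemented techniques that guest would expose. The marker strings, thresholds, profile field names, and the use of CPUID leaf 0x40000000 for the "CPU id string" check are assumptions, since the README does not state them.

```python
import struct

# Hypervisor signatures reported in CPUID leaf 0x40000000 (EBX, ECX, EDX).
HV_SIGNATURES = {"VMwareVMware": "VMware", "VBoxVBoxVBox": "VirtualBox",
                 "KVMKVMKVM": "KVM", "Microsoft Hv": "Hyper-V",
                 "XenVMMXenVMM": "Xen", "TCGTCGTCGTCG": "QEMU TCG"}
# Assumed markers and thresholds: the README does not state the values it uses.
VM_MARKERS = ("vmware", "virtualbox", "vbox", "qemu", "kvm", "xen",
              "innotek", "seabios", "bochs")
MIN_CORES, MIN_RAM_GIB, MIN_DISK_GIB, MIN_SCREEN = 2, 4, 80, (1024, 768)

def hv_vendor(ebx, ecx, edx):
    """Decode the 12-byte signature held in the three CPUID registers."""
    raw = struct.pack("<III", ebx, ecx, edx)
    return raw.rstrip(b"\x00").decode("ascii", "replace")

def audit_guest(p):
    """Return the README techniques that guest profile `p` would expose."""
    found = []
    if (p["cpuid_1_ecx"] >> 31) & 1:  # CPUID.1:ECX bit 31, hypervisor present
        found.append("cpu_hypervisor_bit")
    if hv_vendor(*p["cpuid_40000000"]) in HV_SIGNATURES:
        found.append("cpu_id_string")
    for key in ("cpu_brand", "bios_manufacturer", "bios_version"):
        if any(m in p[key].lower() for m in VM_MARKERS):
            found.append(key)
    if any(v < lo for v, lo in zip(p["screen"], MIN_SCREEN)):
        found.append("screen_resolution")
    for key, low in (("ram_gib", MIN_RAM_GIB), ("cpu_cores", MIN_CORES),
                     ("disk_gib", MIN_DISK_GIB)):
        if p[key] < low:
            found.append(key)
    return found

# Constructed profiles (hypothetical values, not captured from real machines).
DEFAULT_GUEST = {
    "cpuid_1_ecx": 0x80982203, "cpuid_40000000": (0x4B4D564B, 0x564B4D56, 0x4D),
    "cpu_brand": "QEMU Virtual CPU version 2.5+", "bios_manufacturer": "SeaBIOS",
    "bios_version": "1.16.0", "screen": (800, 600),
    "ram_gib": 2, "cpu_cores": 1, "disk_gib": 40}
HARDENED_GUEST = {
    "cpuid_1_ecx": 0x00982203, "cpuid_40000000": (0, 0, 0),
    "cpu_brand": "Intel(R) Core(TM) i7-8700 CPU @ 3.20GHz",
    "bios_manufacturer": "American Megatrends Inc.", "bios_version": "F.23",
    "screen": (1920, 1080), "ram_gib": 16, "cpu_cores": 4, "disk_gib": 512}

if __name__ == "__main__":
    for name, prof in (("default", DEFAULT_GUEST), ("hardened", HARDENED_GUEST)):
        print(name, audit_guest(prof) or "no findings")
```

Each finding names a guest setting to change before using the VM for malware analysis; an empty list means none of these checks would identify the profile.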

To be implemented

  • Global Descriptor Table location
  • Local Descriptor Table location
  • Interrupt Descriptor Table location
  • ACPI VM-based string checks
  • VM-based hostnames and usernames
  • VM-based MAC addresses
