looking for some anti-vm/anti-sandbox technique. so our crypts will live longer #2341
Comments
I would recommend looking into pafish, it's a repo that aims to detect VMs. You can look at the different methods they use. However keep in mind that there isn't really one global way of detecting VMs, it's a never-ending sort of thing, one part finds new ways to detect VMs, and the other part finds new ways to hide their VMs. Good luck!
Thank you so much! I've heard already about some of the techniques that are used in pafish, but it seems a lil bit too complicated bcz idk C language, so it's hard for me to implement those features to my python dropper... but finally I found a solution that suits me, vm-blacklist so there is a lot of VM signs-rules that are up-to-date
wow, I just saw that detections decreased from 5 to 3, I didn't know it is possible, am I trippin or anti-vm features work =)
Never mind, it was the second file I uploaded... so detections cannot decrease on the same file
contact me on discord my username is Silentsniper0
If you want someone to pack it with anti-VM features I can help. DM me on Session if you're interested: 0507ba426543260ca92f64756546b095189f10e310cfde998fe770730d7bf60315
vm-blacklist was a nice find, however I must warn you against scanning your files on VirusTotal (if you are), since VirusTotal will distribute all detections it gets. I might be wrong here, but distribution, in this context, will mean that if you upload your file to VirusTotal, and let's say Avast detects your program as a virus, but Windows Defender does not, then VirusTotal will send a message to Windows Defender saying "Hey, Avast detects this program as a virus", and then Windows Defender might also end up detecting it as a virus. It's probably an incorrect explanation, but I am pretty sure that it works like that in one shape or another. The solution to this would be to scan your files on no-distribute scanning sites. The downside to this is that it often costs money. I personally use kleenscan, they gave me like 5 free scans at first, then when I added $10 to my balance I also got $15 extra. Each scan is then 0.05 dollars, so that means I could do 500 scans. Although maybe it's not worth it, since the program is bound to get scanned on VirusTotal sooner or later, by clients downloading the file. Good luck further :)
can you recommend something Unam? or anyone else share your knowledge pls
bcz I'm a lil bit stuck at that point, I can evade some sandboxes but I want to find a more universal method