pafish

pafish copied to clipboard

how to bypass this detects?

1


iocmet

Opening this issue to keep it pinned for future reference, as it is a recurring problem. ## Why does my antivirus detect pafish? pafish is a security research tool and...

a0rtega

Add how to patch detections to wiki

3

I know this is probably out of the scope of this application but I think it would be a great edition to explain how to patch the detections on things...

JordanPlayz158

Hi there, this issue is not 100% related to Pafish but I guess is something worth mentioning to see if more people have the same issue. Scenario: Im running a...

ThisIsNotMalware

VM detection possible by checking the difference between CPU timestamp counters (rdtsc) forcing VM exit

1

Hey, I have problem with this check. How to change my VMware configuration to pass this check and make my virtual machine undetectable?

Vaurine32

Just submitting a screenshot of running it [in a VM](https://i.imgur.com/Frflsss.png) vs [actual hardware](https://i.imgur.com/ukGnje3.png). Also note that the OS version is not determined correctly on Win10. [Use RtlGetVersion](https://docs.microsoft.com/en-us/windows-hardware/drivers/ddi/content/wdm/nf-wdm-rtlgetversion) to get that.

ddbb2017

https://github.com/gbrindisi/malware/blob/eb9659ae063fbf3b930583d69cdc7a83e6bcfe3f/windows/gozi-isfb/av.c#L134

a0rtega

https://github.com/CheckPointSW/VB2016-sandbox-evasion

seifreed

https://kc.mcafee.com/corporate/index?page=content&id=KB79333#Operations >

elhoim

https://www.fuckav.ru/showthread.php?t=29136

seifreed