pafish
pafish copied to clipboard
a0rtega
Pafish is a testing tool that uses different techniques to detect virtual machines and malware analysis environments in the same way that malware families do
Implement the following anti-sandbox posted by Joe Security: https://twitter.com/joe4security/status/733289607949881344 
As does Dridex, check internet temporary files, last documents opened If don't exists activity maybe is a sandbox
Hi, the < 1 Gb memory check detects my VM's with 1 Gb memory as "traced". Is the number based on a bare metal memory amount ? ## gensandbox.c ##...
There are some problems with the current version of Pafish. Current version PASS some test in VMWare and consider it as a physical system. The tests that Passed on a...
A sample (sha256: 09858ae19ce96499a78dd1f2a304a29caa7a1c220869cb6ec245b8fb91470c7e) has been using those not-yet-supported techniques to detect an analysis system/vm: RegOpenKeyExA on ``` These here are anti-spyware detections ``` SubKey => SOFTWARE\SUPERAntiSpyware.com SubKey => SOFTWARE\Classes\SUPERAntiSpywareContextMenuExt.SASCon.1...
* Pafish (Paranoid Fish) * [-] Windows version: 6.2 build 9200 [-] Running in WoW64: False [-] CPU: GenuineIntel Hypervisor: ♦► CPU brand: Intel(R) Core(TM) i5-9400F CPU @ 2.90GHz [-]...
There's a great summary by Secret Club about techniques used for VMM detection: https://secret.club/2020/04/13/how-anti-cheats-detect-system-emulation.html - these techniques are implemented by most anti-cheat software on the market. It may be worth...
not sure what to do from here but i ran it on real hardware and got detected
You honestly should check the actual cpu timings as stuff like [this guide](https://github.com/A1exxander/KVM-Spoofing)'s VM exit bypass returns a static value. Full guide's result: https://user-images.githubusercontent.com/88210134/130307422-b019ebcb-8c9f-4f0c-a028-1b0270475a2b.png
