VM-Packages
Package proposal: pafish.vm
Package Name
pafish
Tool Name
pafish
Package type
ZIP_EXE
Tool's version number
0.6
Category
Utilities
Tool's authors
Alberto Ortega, Others
Tool's description
Pafish is a testing tool that uses different techniques to detect virtual machines and malware analysis environments in the same way that malware families do.
Download URL
https://github.com/a0rtega/pafish/releases/download/v0.6/pafish64.exe
Download SHA256 Hash
ff24b9da6cddd77f8c19169134eb054130567825eee1008b5a32244e1028e76f
Why is this tool a good addition?
Pafish is a testing tool that uses different techniques to detect virtual machines and malware analysis environments in the same way that malware families do.
Note: Windows Defender and some other AVs falsely flag this EXE as malware, because it does many of the same VM/sandbox checks that malware does.
pafish is ultra dead, al-khaser is way better for VM detection: https://github.com/LordNoteworthy/al-khaser
al-khaser does not provide compiled binaries; otherwise, I'd vote to add it instead of pafish.
It seems there is a build workflow, but the result is only uploaded as an artifact (which means it is only kept for a short period of time). It should be easy though to convert it into a release workflow. @mandiant/flare-vm do you think this is a useful tool that should be added to FLARE-VM?
I do not think al-khaser or pafish make sense in flare-vm. They are useful if you are writing anti-anti-vm or anti-anti-dbg tooling, but there is no situation I can think of where you'd run one of these tools to better understand a malware sample. Hardening a VM is a one-time thing, not a recurring need for one of these tools.