From Collaborative RCE Tool Library

ARTeam Anti-Emulation open source functions

Tool name: ARTeam Anti-Emulation open source functions
Rating: 0.0 (0 votes)
Author: Gunther
Website: http://evilcry.netsons.org
Current version:
Last updated: March 21, 2009
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: Thanks to Gunther of ARTeam, here we have some new Anti-Emulation open source functions:

Here's a quick list of the functions:

Anti-KAV -> Call this one before WSAStartup(), so sockets won't be initialized.
Anti-NOD32 -> SSE1 instruction which NOD32 cannot emulate.
IsEmulator -> Timing attack against the emulator environment.
IsCWSandBox -> Check if CreateProcess is hooked.
IsAnubis -> Check whether it is running within Anubis.
IsAnubis2 -> Check whether it is running within Anubis.
IsNormanSandBox -> NormanSandBox awareness.
IsSunbeltSandBox -> Sunbelt awareness.
IsVirtualPC -> VirtualPC awareness.
IsVMware -> VMware awareness.
DetectVM -> Check whether it is running in VMware or VirtualBox using the registry.
IsRegMonPresent -> Check for RegMon by checking whether the driver is loaded in memory and by searching for the window handle.
Related URLs: No related URLs have been submitted for this tool yet