PDA

View Full Version : AV VM BYPASS ENGINE.


Indy
September 24th, 2012, 05:19
http://indy-vx.narod.ru/Bin/VMBE.zip ("http://indy-vx.narod.ru/Bin/VMBE.zip")

2644


disavowed
September 24th, 2012, 11:58
OMG! This is breaking news!! Are you saying that if you obfuscate malware then AV products won't be able to detect it?! Call the presses! Alert the media!

_genuine
September 24th, 2012, 13:26
Oh my, I didnt see this one coming..

frozenrain
September 26th, 2012, 02:35
only check a api?av can add support this api quickly

Indy
September 26th, 2012, 02:57
The api can be any. Api's are emulated as atoms, this engine splits it, this mechanism can not work around.

evaluator
October 14th, 2012, 15:26
this is TrapFlag_SelfTracer.

any new code can be called "VM BYPASS ENGINE"

Indy
October 14th, 2012, 22:44
Simple use of the TF can not determine the fact of emulation. Typical methods is a gag's(затычки по русски. They fix.

checking_numbr1
October 21st, 2012, 08:07
Quote:
[Originally Posted by Indy;93285]http://indy-vx.narod.ru/Bin/VMBE.zip ("http://indy-vx.narod.ru/Bin/VMBE.zip")

2644



Someone made Indy angry so he deleted all from his website. Can someone reupload this?

Indy
October 21st, 2012, 23:04
woodmann
2665

NeOXOeN
October 23rd, 2012, 16:23
Quote:
[Originally Posted by Indy;93501]woodmann
2665


indy what is password for it??

Indy
May 10th, 2013, 02:18
VMBE 2

pass: vx

2756

Indy
May 10th, 2013, 11:18
Aver's is gone, Comrades

Indy
May 11th, 2013, 11:33
wow fixed.

vx

2757

NeOXOeN
May 11th, 2013, 18:16
damn.. .nice.. thx for rlz

Indy
May 13th, 2013, 14:15
NeOXOeN

2764

NeOXOeN
June 3rd, 2013, 06:09
hehe i that you?

Indy
June 3rd, 2013, 14:17
Project is closed. Possible to set limits on NL, but this is unnecessary. AVVM is no more.

2772