evilcry

Anti-Emulation Tricks

Hi,

Thanks to Gunther from ARTeam, here we have some new open source anti-emulation functions. I've uploaded them to my OffensiveCoding section.

Here is a quick list of the functions:

Anti-KAV -> Call this one before WSAStartup(), so sockets won't be initialized.
Anti-NOD32 -> SSE1 instruction which NOD32 cannot emulate.
IsEmulator -> Timing attack against the emulator environment.
IsCWSandBox -> Check if CreateProcess is hooked.
IsAnubis -> Check whether it is running within Anubis.
IsAnubis2 -> Check whether it is running within Anubis (second method).
IsNormanSandBox -> Norman SandBox awareness.
IsSunbeltSandBox -> Sunbelt awareness.
IsVirtualPC -> VirtualPC awareness.
IsVMware -> VMware awareness.
DetectVM -> Check whether it is running in VMware or VirtualBox using the registry.
IsRegMonPresent -> Check for RegMon by checking if the driver is loaded in memory and by searching for the window handle.

Here is the link:

http://evilcry.netsons.org/OC0/code/EmulationAwareness.c

See you in the next post.
