Comments (7)
I would recommend looking into pafish; it's a repo that aims to detect VMs. You can look at the different methods they use. However, keep in mind that there isn't really one global way of detecting VMs; it's a never-ending sort of thing: one part finds new ways to detect VMs, and the other part finds new ways to hide their VMs.
Good luck!
Thank you so much! I've already heard about some of the techniques that are used in pafish, but it seems a little bit too complicated because I don't know the C language, so it's hard for me to implement those features in my Python dropper... but finally I found a solution that suits me, vm-blacklist, so there are a lot of VM signs/rules that are up to date.
And I added some VM recognition tools myself, and now it checks 23 signs (20 offline and the last 3 online), so hopefully sandboxes won't be a big deal now.
Wow, I just saw that detections decreased from 5 to 3. I didn't know it was possible; am I tripping, or do the anti-VM features work? =)
Never mind, it was the second file I uploaded... so detections cannot decrease on the same file.
BTW, it looks like my file got additional attention (because it was submitted by more than one person, I guess) and was inspected not by an automated sandbox but by a real person who tried to run it a couple of times while looking at Task Manager :)
Contact me on Discord; my username is Silentsniper0
If you want someone to pack it with anti-VM features, I can help. DM me on Session if you're interested: 0507ba426543260ca92f64756546b095189f10e310cfde998fe770730d7bf60315
vm-blacklist was a nice find; however, I must warn you against scanning your files on VirusTotal (if you are), since VirusTotal will distribute all detections it gets. I might be wrong here, but distribution, in this context, will mean that if you upload your file to VirusTotal, and let's say Avast detects your program as a virus but Windows Defender does not, then VirusTotal will send a message to Windows Defender saying "Hey, Avast detects this program as a virus", and then Windows Defender might also end up detecting it as a virus.
It's probably an incorrect explanation, but I am pretty sure that it works like that in one shape or another. The solution to this would be to scan your files on no-distribute scanning sites. The downside to this is that it often costs money. I personally use kleenscan; they gave me like 5 free scans at first, then when I added $10 to my balance I also got $15 extra. Each scan is then 0.05 dollars, so that means I could do 500 scans.
Although maybe it's not worth it, since the program is bound to get scanned on VirusTotal sooner or later by clients downloading the file. Good luck further :)