Svnkill
05-05-2020, 18:11
Hi, I have a dedicated box (VPS/VDS), and I need to get past the anti-detection of a certain program. The OS on it is Windows 10 Pro.
A scan with Pafish gives:
* Pafish (Paranoid fish) *
Some anti(debugger/VM/sandbox) tricks
used by malware for the general public.
Windows version: 6.2 build 9200
CPU: GenuineIntel
Hypervisor: Microsoft Hv
CPU brand: Intel(R) Xeon(R) Platinum 8171M CPU @ 2.60GHz
[-] Debuggers detection
Using IsDebuggerPresent() ... OK
[-] CPU information based detections
Checking the difference between CPU timestamp counters (rdtsc) ... OK
Checking the difference between CPU timestamp counters (rdtsc) forcing VM exit ... traced!
Checking hypervisor bit in cpuid feature bits ... traced!
Checking cpuid hypervisor vendor for known VM vendors ... traced!
[-] Generic sandbox detection
Using mouse activity ... OK
Checking username ... OK
Checking file path ... OK
Checking common sample names in drives root ... OK
Checking if disk size <= 60GB via DeviceIoControl() ... OK
Checking if disk size <= 60GB via GetDiskFreeSpaceExA() ... OK
Checking if Sleep() is patched using GetTickCount() ... OK
Checking if NumberOfProcessors is < 2 via raw access ... OK
Checking if NumberOfProcessors is < 2 via GetSystemInfo() ... OK
Checking if pysical memory is < 1Gb ... OK
Checking operating system uptime using GetTickCount() ... OK
Checking if operating system IsNativeVhdBoot() ... OK
[-] Hooks detection
Checking function ShellExecuteExW method 1 ... OK
Checking function CreateProcessA method 1 ... OK
[-] Sandboxie detection
Using GetModuleHandle(sbiedll.dll) ... OK
[-] Wine detection
Using GetProcAddress(wine_get_unix_file_name) from kernel32.dll ... OK
Reg key (HKCU\SOFTWARE\Wine) ... OK
[-] VirtualBox detection
Scsi port->bus->target id->logical unit id-> 0 identifier ... OK
Reg key (HKLM\HARDWARE\Description\System "SystemBiosVersion") ... OK
Reg key (HKLM\SOFTWARE\Oracle\VirtualBox Guest Additions) ... OK
Reg key (HKLM\HARDWARE\Description\System "VideoBiosVersion") ... OK
Reg key (HKLM\HARDWARE\ACPI\DSDT\VBOX__) ... OK
Reg key (HKLM\HARDWARE\ACPI\FADT\VBOX__) ... OK
Reg key (HKLM\HARDWARE\ACPI\RSDT\VBOX__) ... OK
Reg key (HKLM\SYSTEM\ControlSet001\Services\VBox*) ... OK
Reg key (HKLM\HARDWARE\DESCRIPTION\System "SystemBiosDate") ... OK
Driver files in C:\WINDOWS\system32\drivers\VBox* ... OK
Additional system files ... OK
Looking for a MAC address starting with 08:00:27 ... OK
Looking for pseudo devices ... OK
Looking for VBoxTray windows ... OK
Looking for VBox network share ... OK
Looking for VBox processes (vboxservice.exe, vboxtray.exe) ... OK
Looking for VBox devices using WMI ... OK
[-] VMware detection
Scsi port 0,1,2 ->bus->target id->logical unit id-> 0 identifier ... OK
Reg key (HKLM\SOFTWARE\VMware, Inc.\VMware Tools) ... OK
Looking for C:\WINDOWS\system32\drivers\vmmouse.sys ... OK
Looking for C:\WINDOWS\system32\drivers\vmhgfs.sys ... OK
Looking for a MAC address starting with 00:05:69, 00:0C:29, 00:1C:14 or 00:50:56 ... OK
Looking for network adapter name ... OK
Looking for pseudo devices ... OK
Looking for VMware serial number ... OK
[-] Qemu detection
Scsi port->bus->target id->logical unit id-> 0 identifier ... OK
Reg key (HKLM\HARDWARE\Description\System "SystemBiosVersion") ... OK
cpuid CPU brand string 'QEMU Virtual CPU' ... OK
[-] Bochs detection
Reg key (HKLM\HARDWARE\Description\System "SystemBiosVersion") ... OK
cpuid AMD wrong value for processor name ... OK
cpuid Intel wrong value for processor name ... OK
[-] Cuckoo detection
Looking in the TLS for the hooks information structure ... OK
[-] Feel free to RE me, check log file for more information.
Does anyone have any ideas on how to solve this problem?