- [al-khaser version 0.82]
- -------------------------[Initialisation]-------------------------
- [*] You are running: Microsoft Windows 10 (build 19045) 64-bit
- [*] All APIs present and accounted for.
- -------------------------[TLS Callbacks]-------------------------
- [*] TLS process attach callback [ GOOD ]
- [*] TLS thread attach callback [ GOOD ]
- -------------------------[Debugger Detection]-------------------------
- [*] Checking IsDebuggerPresent API [ GOOD ]
- [*] Checking PEB.BeingDebugged [ GOOD ]
- [*] Checking CheckRemoteDebuggerPresent API [ GOOD ]
- [*] Checking PEB.NtGlobalFlag [ GOOD ]
- [*] Checking ProcessHeap.Flags [ GOOD ]
- [*] Checking ProcessHeap.ForceFlags [ GOOD ]
- [*] Checking Low Fragmentation Heap [ GOOD ]
- [*] Checking NtQueryInformationProcess with ProcessDebugPort [ GOOD ]
- [*] Checking NtQueryInformationProcess with ProcessDebugFlags [ GOOD ]
- [*] Checking NtQueryInformationProcess with ProcessDebugObject [ GOOD ]
- [*] Checking WudfIsAnyDebuggerPresent API [ GOOD ]
- [*] Checking WudfIsKernelDebuggerPresent API [ GOOD ]
- [*] Checking WudfIsUserDebuggerPresent API [ GOOD ]
- [*] Checking NtSetInformationThread with ThreadHideFromDebugger [ GOOD ]
- [*] Checking CloseHandle with an invalide handle [ GOOD ]
- [*] Checking NtSystemDebugControl [ GOOD ]
- [*] Checking UnhandledExcepFilterTest [ GOOD ]
- [*] Checking OutputDebugString [ GOOD ]
- [*] Checking Hardware Breakpoints [ GOOD ]
- [*] Checking Software Breakpoints [ BAD ]
- [*] Checking Interupt 0x2d [ GOOD ]
- [*] Checking Interupt 1 [ GOOD ]
- [*] Checking trap flag [ GOOD ]
- [*] Checking Memory Breakpoints PAGE GUARD [ GOOD ]
- [*] Checking If Parent Process is explorer.exe [ GOOD ]
- [*] Checking SeDebugPrivilege [ GOOD ]
- [*] Checking NtQueryObject with ObjectTypeInformation [ GOOD ]
- [*] Checking NtQueryObject with ObjectAllTypesInformation [ GOOD ]
- [*] Checking NtYieldExecution [ GOOD ]
- [*] Checking CloseHandle protected handle trick [ GOOD ]
- [*] Checking NtQuerySystemInformation with SystemKernelDebuggerInformation [ GOOD ]
- [*] Checking SharedUserData->KdDebuggerEnabled [ GOOD ]
- [*] Checking if process is in a job [ GOOD ]
- [*] Checking VirtualAlloc write watch (buffer only) [ GOOD ]
- [*] Checking VirtualAlloc write watch (API calls) [ GOOD ]
- [*] Checking VirtualAlloc write watch (IsDebuggerPresent) [ GOOD ]
- [*] Checking VirtualAlloc write watch (code write) [ GOOD ]
- [*] Checking for page exception breakpoints [ GOOD ]
- [*] Checking for API hooks outside module bounds [ GOOD ]
- -------------------------[DLL Injection Detection]-------------------------
- [*] Enumerating modules with EnumProcessModulesEx [32-bit] [ GOOD ]
- [*] Enumerating modules with EnumProcessModulesEx [64-bit] [ GOOD ]
- [*] Enumerating modules with EnumProcessModulesEx [ALL] [ GOOD ]
- [*] Enumerating modules with ToolHelp32 [ GOOD ]
- [*] Enumerating the process LDR via LdrEnumerateLoadedModules [ GOOD ]
- [*] Enumerating the process LDR directly [ GOOD ]
- [*] Walking process memory with GetModuleInformation [ GOOD ]
- [*] Walking process memory for hidden modules [ GOOD ]
- [*] Walking process memory for .NET module structures [ GOOD ]
- -------------------------[Generic Sandboxe/VM Detection]-------------------------
- [*] Checking if process loaded modules contains: avghookx.dll [ GOOD ]
- [*] Checking if process loaded modules contains: avghooka.dll [ GOOD ]
- [*] Checking if process loaded modules contains: snxhk.dll [ GOOD ]
- [*] Checking if process loaded modules contains: sbiedll.dll [ GOOD ]
- [*] Checking if process loaded modules contains: dbghelp.dll [ GOOD ]
- [*] Checking if process loaded modules contains: api_log.dll [ GOOD ]
- [*] Checking if process loaded modules contains: dir_watch.dll [ GOOD ]
- [*] Checking if process loaded modules contains: pstorec.dll [ GOOD ]
- [*] Checking if process loaded modules contains: vmcheck.dll [ GOOD ]
- [*] Checking if process loaded modules contains: wpespy.dll [ GOOD ]
- [*] Checking if process loaded modules contains: cmdvrt64.dll [ GOOD ]
- [*] Checking if process loaded modules contains: cmdvrt32.dll [ GOOD ]
- [*] Checking if process file name contains: sample.exe [ GOOD ]
- [*] Checking if process file name contains: bot.exe [ GOOD ]
- [*] Checking if process file name contains: sandbox.exe [ GOOD ]
- [*] Checking if process file name contains: malware.exe [ GOOD ]
- [*] Checking if process file name contains: test.exe [ GOOD ]
- [*] Checking if process file name contains: klavme.exe [ GOOD ]
- [*] Checking if process file name contains: myapp.exe [ GOOD ]
- [*] Checking if process file name contains: testapp.exe [ GOOD ]
- [*] Checking if process file name looks like a hash: al-khaser [ GOOD ]
- [*] Checking if username matches : CurrentUser [ GOOD ]
- [*] Checking if username matches : Sandbox [ GOOD ]
- [*] Checking if username matches : Emily [ GOOD ]
- [*] Checking if username matches : HAPUBWS [ GOOD ]
- [*] Checking if username matches : Hong Lee [ GOOD ]
- [*] Checking if username matches : IT-ADMIN [ GOOD ]
- [*] Checking if username matches : Johnson [ GOOD ]
- [*] Checking if username matches : Miller [ GOOD ]
- [*] Checking if username matches : milozs [ GOOD ]
- [*] Checking if username matches : Peter Wilson [ GOOD ]
- [*] Checking if username matches : timmy [ GOOD ]
- [*] Checking if username matches : user [ GOOD ]
- [*] Checking if username matches : sand box [ GOOD ]
- [*] Checking if username matches : malware [ GOOD ]
- [*] Checking if username matches : maltest [ GOOD ]
- [*] Checking if username matches : test user [ GOOD ]
- [*] Checking if username matches : virus [ GOOD ]
- [*] Checking if username matches : John Doe [ GOOD ]
- [*] Checking if hostname matches : SANDBOX [ GOOD ]
- [*] Checking if hostname matches : 7SILVIA [ GOOD ]
- [*] Checking if hostname matches : HANSPETER-PC [ GOOD ]
- [*] Checking if hostname matches : JOHN-PC [ GOOD ]
- [*] Checking if hostname matches : MUELLER-PC [ GOOD ]
- [*] Checking if hostname matches : WIN7-TRAPS [ GOOD ]
- [*] Checking if hostname matches : FORTINET [ GOOD ]
- [*] Checking if hostname matches : TEQUILABOOMBOOM [ GOOD ]
- [*] Checking whether username is 'Wilber' and NetBIOS name starts with 'SC' or 'SW' [ GOOD ]
- [*] Checking whether username is 'admin' and NetBIOS name is 'SystemIT' [ GOOD ]
- [*] Checking whether username is 'admin' and DNS hostname is 'KLONE_X64-PC' [ GOOD ]
- [*] Checking whether username is 'John' and two sandbox files exist [ GOOD ]
- [*] Checking whether four known sandbox 'email' file paths exist [ GOOD ]
- [*] Checking whether three known sandbox 'foobar' files exist [ GOOD ]
- [*] Checking Number of processors in machine [ GOOD ]
- [*] Checking Interupt Descriptor Table location [ GOOD ]
- [*] Checking Local Descriptor Table location [ BAD ]
- [*] Checking Global Descriptor Table location [ GOOD ]
- [*] Checking Store Task Register [ GOOD ]
- [*] Checking Number of cores in machine using WMI [ GOOD ]
- [*] Checking hard disk size using WMI [ GOOD ]
- [*] Checking hard disk size using DeviceIoControl [ GOOD ]
- [*] Checking SetupDi_diskdrive [ GOOD ]
- [*] Checking mouse movement [ GOOD ]
- [*] Checking lack of user input [ GOOD ]
- [*] Checking memory space using GlobalMemoryStatusEx [ GOOD ]
- [*] Checking disk size using GetDiskFreeSpaceEx [ GOOD ]
- [*] Checking if CPU hypervisor field is set using cpuid(0x1) [ GOOD ]
- [*] Checking hypervisor vendor using cpuid(0x40000000) [ GOOD ]
- [*] Check if time has been accelerated [ GOOD ]
- [*] VM Driver Services [ GOOD ]
- [*] Checking SerialNumber from BIOS using WMI [ GOOD ]
- [*] Checking Model from ComputerSystem using WMI [ GOOD ]
- [*] Checking Manufacturer from ComputerSystem using WMI [ BAD ]
- [*] Checking Current Temperature using WMI [ GOOD ]
- [*] Checking ProcessId using WMI [ GOOD ]
- [*] Checking power capabilities [ BAD ]
- [*] Checking CPU fan using WMI [ BAD ]
- [*] Checking NtQueryLicenseValue with Kernel-VMDetection-Private [ GOOD ]
- [*] Checking Win32_CacheMemory with WMI [ BAD ]
- [*] Checking Win32_PhysicalMemory with WMI [ GOOD ]
- [*] Checking Win32_MemoryDevice with WMI [ BAD ]
- [*] Checking Win32_MemoryArray with WMI [ GOOD ]
- [*] Checking Win32_VoltageProbe with WMI [ BAD ]
- [*] Checking Win32_PortConnector with WMI [ BAD ]
- [*] Checking Win32_SMBIOSMemory with WMI [ GOOD ]
- [*] Checking ThermalZoneInfo performance counters with WMI [ BAD ]
- [*] Checking CIM_Memory with WMI [ BAD ]
- [*] Checking CIM_Sensor with WMI [ BAD ]
- [*] Checking CIM_NumericSensor with WMI [ BAD ]
- [*] Checking CIM_TemperatureSensor with WMI [ BAD ]
- [*] Checking CIM_VoltageSensor with WMI [ BAD ]
- [*] Checking CIM_PhysicalConnector with WMI [ BAD ]
- [*] Checking CIM_Slot with WMI [ BAD ]
- [*] Checking if Windows is Genuine [ GOOD ]
- [*] Checking Services\Disk\Enum entries for VM strings [ GOOD ]
- [*] Checking Enum\IDE and Enum\SCSI entries for VM strings [ BAD ]
- -------------------------[VirtualBox Detection]-------------------------
- [*] Checking reg key HARDWARE\Description\System - Identifier is set to VBOX [ GOOD ]
- [*] Checking reg key HARDWARE\Description\System - SystemBiosVersion is set to VBOX [ GOOD ]
- [*] Checking reg key HARDWARE\Description\System - VideoBiosVersion is set to VIRTUALBOX [ GOOD ]
- [*] Checking reg key HARDWARE\Description\System - SystemBiosDate is set to 06/23/99 [ GOOD ]
- [*] Checking VirtualBox Guest Additions directory [ GOOD ]
- [*] Checking file C:\Windows\System32\drivers\VBoxMouse.sys [ GOOD ]
- [*] Checking file C:\Windows\System32\drivers\VBoxGuest.sys [ GOOD ]
- [*] Checking file C:\Windows\System32\drivers\VBoxSF.sys [ GOOD ]
- [*] Checking file C:\Windows\System32\drivers\VBoxVideo.sys [ GOOD ]
- [*] Checking file C:\Windows\System32\vboxdisp.dll [ GOOD ]
- [*] Checking file C:\Windows\System32\vboxhook.dll [ GOOD ]
- [*] Checking file C:\Windows\System32\vboxmrxnp.dll [ GOOD ]
- [*] Checking file C:\Windows\System32\vboxogl.dll [ GOOD ]
- [*] Checking file C:\Windows\System32\vboxoglarrayspu.dll [ GOOD ]
- [*] Checking file C:\Windows\System32\vboxoglcrutil.dll [ GOOD ]
- [*] Checking file C:\Windows\System32\vboxoglerrorspu.dll [ GOOD ]
- [*] Checking file C:\Windows\System32\vboxoglfeedbackspu.dll [ GOOD ]
- [*] Checking file C:\Windows\System32\vboxoglpackspu.dll [ GOOD ]
- [*] Checking file C:\Windows\System32\vboxoglpassthroughspu.dll [ GOOD ]
- [*] Checking file C:\Windows\System32\vboxservice.exe [ GOOD ]
- [*] Checking file C:\Windows\System32\vboxtray.exe [ GOOD ]
- [*] Checking file C:\Windows\System32\VBoxControl.exe [ GOOD ]
- [*] Checking reg key HARDWARE\ACPI\DSDT\VBOX__ [ GOOD ]
- [*] Checking reg key HARDWARE\ACPI\FADT\VBOX__ [ GOOD ]
- [*] Checking reg key HARDWARE\ACPI\RSDT\VBOX__ [ GOOD ]
- [*] Checking reg key SOFTWARE\Oracle\VirtualBox Guest Additions [ GOOD ]
- [*] Checking reg key SYSTEM\ControlSet001\Services\VBoxGuest [ GOOD ]
- [*] Checking reg key SYSTEM\ControlSet001\Services\VBoxMouse [ GOOD ]
- [*] Checking reg key SYSTEM\ControlSet001\Services\VBoxService [ GOOD ]
- [*] Checking reg key SYSTEM\ControlSet001\Services\VBoxSF [ GOOD ]
- [*] Checking reg key SYSTEM\ControlSet001\Services\VBoxVideo [ GOOD ]
- [*] Checking Mac Address start with 08:00:27 [ GOOD ]
- [*] Checking MAC address (Hybrid Analysis) [ GOOD ]
- [*] Checking device \\.\VBoxMiniRdrDN [ GOOD ]
- [*] Checking device \\.\VBoxGuest [ GOOD ]
- [*] Checking device \\.\pipe\VBoxMiniRdDN [ GOOD ]
- [*] Checking device \\.\VBoxTrayIPC [ GOOD ]
- [*] Checking device \\.\pipe\VBoxTrayIPC [ GOOD ]
- [*] Checking VBoxTrayToolWndClass / VBoxTrayToolWnd [ GOOD ]
- [*] Checking VirtualBox Shared Folders network provider [ GOOD ]
- [*] Checking VirtualBox process vboxservice.exe [ GOOD ]
- [*] Checking VirtualBox process vboxtray.exe [ GOOD ]
- [*] Checking Win32_PnPDevice DeviceId from WMI for VBox PCI device [ GOOD ]
- [*] Checking Win32_PnPDevice Name from WMI for VBox controller hardware [ GOOD ]
- [*] Checking Win32_PnPDevice Name from WMI for VBOX names [ GOOD ]
- [*] Checking Win32_Bus from WMI [ GOOD ]
- [*] Checking Win32_BaseBoard from WMI [ GOOD ]
- [*] Checking MAC address from WMI [ GOOD ]
- [*] Checking NTEventLog from WMI [ GOOD ]
- [*] Checking SMBIOS firmware [ GOOD ]
- [*] Checking ACPI tables [ GOOD ]
- -------------------------[VMWare Detection]-------------------------
- [*] Checking reg key HARDWARE\DEVICEMAP\Scsi\Scsi Port 0\Scsi Bus 0\Target Id 0\Logical Unit Id 0 [ GOOD ]
- [*] Checking reg key HARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0 [ GOOD ]
- [*] Checking reg key HARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0 [ GOOD ]
- [*] Checking reg key SYSTEM\ControlSet001\Control\SystemInformation [ GOOD ]
- [*] Checking reg key SYSTEM\ControlSet001\Control\SystemInformation [ GOOD ]
- [*] Checking reg key SOFTWARE\VMware, Inc.\VMware Tools [ GOOD ]
- [*] Checking file C:\Windows\System32\drivers\vmnet.sys [ GOOD ]
- [*] Checking file C:\Windows\System32\drivers\vmmouse.sys [ GOOD ]
- [*] Checking file C:\Windows\System32\drivers\vmusb.sys [ GOOD ]
- [*] Checking file C:\Windows\System32\drivers\vm3dmp.sys [ GOOD ]
- [*] Checking file C:\Windows\System32\drivers\vmci.sys [ GOOD ]
- [*] Checking file C:\Windows\System32\drivers\vmhgfs.sys [ GOOD ]
- [*] Checking file C:\Windows\System32\drivers\vmmemctl.sys [ GOOD ]
- [*] Checking file C:\Windows\System32\drivers\vmx86.sys [ GOOD ]
- [*] Checking file C:\Windows\System32\drivers\vmrawdsk.sys [ GOOD ]
- [*] Checking file C:\Windows\System32\drivers\vmusbmouse.sys [ GOOD ]
- [*] Checking file C:\Windows\System32\drivers\vmkdb.sys [ GOOD ]
- [*] Checking file C:\Windows\System32\drivers\vmnetuserif.sys [ GOOD ]
- [*] Checking file C:\Windows\System32\drivers\vmnetadapter.sys [ GOOD ]
- [*] Checking MAC starting with 00:05:69 [ GOOD ]
- [*] Checking MAC starting with 00:0c:29 [ GOOD ]
- [*] Checking MAC starting with 00:1C:14 [ GOOD ]
- [*] Checking MAC starting with 00:50:56 [ GOOD ]
- [*] Checking VMWare network adapter name [ GOOD ]
- [*] Checking device \\.\HGFS [ GOOD ]
- [*] Checking device \\.\vmci [ GOOD ]
- [*] Checking VMWare directory [ GOOD ]
- [*] Checking SMBIOS firmware [ GOOD ]
- [*] Checking ACPI tables [ GOOD ]
- -------------------------[Virtual PC Detection]-------------------------
- [*] Checking Virtual PC processes VMSrvc.exe [ GOOD ]
- [*] Checking Virtual PC processes VMUSrvc.exe [ GOOD ]
- [*] Checking reg key SOFTWARE\Microsoft\Virtual Machine\Guest\Parameters [ GOOD ]
- -------------------------[QEMU Detection]-------------------------
- [*] Checking reg key HARDWARE\DEVICEMAP\Scsi\Scsi Port 0\Scsi Bus 0\Target Id 0\Logical Unit Id 0 [ GOOD ]
- [*] Checking reg key HARDWARE\Description\System [ GOOD ]
- [*] Checking qemu processes qemu-ga.exe [ GOOD ]
- [*] Checking qemu processes vdagent.exe [ GOOD ]
- [*] Checking qemu processes vdservice.exe [ GOOD ]
- [*] Checking QEMU directory C:\Program Files\qemu-ga [ GOOD ]
- [*] Checking QEMU directory C:\Program Files\SPICE Guest Tools [ GOOD ]
- [*] Checking SMBIOS firmware [ BAD ]
- [*] Checking ACPI tables [ GOOD ]
- -------------------------[Xen Detection]-------------------------
- [*] Checking Citrix Xen process xenservice.exe [ GOOD ]
- [*] Checking Mac Address start with 08:16:3E [ GOOD ]
- -------------------------[Xen Detection]-------------------------
- [*] Checking file C:\Windows\System32\drivers\balloon.sys [ GOOD ]
- [*] Checking file C:\Windows\System32\drivers\netkvm.sys [ GOOD ]
- [*] Checking file C:\Windows\System32\drivers\pvpanic.sys [ GOOD ]
- [*] Checking file C:\Windows\System32\drivers\viofs.sys [ GOOD ]
- [*] Checking file C:\Windows\System32\drivers\viogpudo.sys [ GOOD ]
- [*] Checking file C:\Windows\System32\drivers\vioinput.sys [ GOOD ]
- [*] Checking file C:\Windows\System32\drivers\viorng.sys [ GOOD ]
- [*] Checking file C:\Windows\System32\drivers\vioscsi.sys [ GOOD ]
- [*] Checking file C:\Windows\System32\drivers\vioser.sys [ BAD ]
- [*] Checking file C:\Windows\System32\drivers\viostor.sys [ GOOD ]
- [*] Checking reg key SYSTEM\ControlSet001\Services\vioscsi [ GOOD ]
- [*] Checking reg key SYSTEM\ControlSet001\Services\viostor [ GOOD ]
- [*] Checking reg key SYSTEM\ControlSet001\Services\VirtIO-FS Service [ GOOD ]
- [*] Checking reg key SYSTEM\ControlSet001\Services\VirtioSerial [ BAD ]
- [*] Checking reg key SYSTEM\ControlSet001\Services\BALLOON [ GOOD ]
- [*] Checking reg key SYSTEM\ControlSet001\Services\BalloonService [ GOOD ]
- [*] Checking reg key SYSTEM\ControlSet001\Services\netkvm [ GOOD ]
- [*] Checking KVM virio directory [ GOOD ]
- -------------------------[Wine Detection]-------------------------
- [*] Checking Wine via dll exports [ GOOD ]
- [*] Checking reg key SOFTWARE\Wine [ GOOD ]
- -------------------------[Paralles Detection]-------------------------
- [*] Checking Parallels processes: prl_cc.exe [ GOOD ]
- [*] Checking Parallels processes: prl_tools.exe [ GOOD ]
- [*] Checking Mac Address start with 00:1C:42 [ GOOD ]
- -------------------------[Hyper-V Detection]-------------------------
- [*] Checking for Hyper-V driver objects [ GOOD ]
- [*] Checking for Hyper-V global objects [ BAD ]
- -------------------------[Timing-attacks]-------------------------
- [*] Delay value is set to 10 minutes ...
- [*] Performing a sleep using NtDelayExecution ... [ GOOD ]
- [*] Performing a sleep() in a loop ... [ GOOD ]
- [*] Delaying execution using SetTimer ... [ GOOD ]
- [*] Delaying execution using timeSetEvent ... [ GOOD ]
- [*] Delaying execution using WaitForSingleObject ... [ GOOD ]
- [*] Delaying execution using IcmpSendEcho ... [ GOOD ]
- [*] Delaying execution using CreateWaitableTimer ... [ GOOD ]
- [*] Delaying execution using CreateTimerQueueTimer ... [ GOOD ]
- [*] Checking RDTSC Locky trick [ GOOD ]
- [*] Checking RDTSC which force a VM Exit (cpuid) [ BAD ]
- -------------------------[Analysis-tools]-------------------------
- [*] Checking process of malware analysis tool: ollydbg.exe [ GOOD ]
- [*] Checking process of malware analysis tool: ProcessHacker.exe [ GOOD ]
- [*] Checking process of malware analysis tool: tcpview.exe [ GOOD ]
- [*] Checking process of malware analysis tool: autoruns.exe [ GOOD ]
- [*] Checking process of malware analysis tool: autorunsc.exe [ GOOD ]
- [*] Checking process of malware analysis tool: filemon.exe [ GOOD ]
- [*] Checking process of malware analysis tool: procmon.exe [ GOOD ]
- [*] Checking process of malware analysis tool: regmon.exe [ GOOD ]
- [*] Checking process of malware analysis tool: procexp.exe [ GOOD ]
- [*] Checking process of malware analysis tool: idaq.exe [ GOOD ]
- [*] Checking process of malware analysis tool: idaq64.exe [ GOOD ]
- [*] Checking process of malware analysis tool: ImmunityDebugger.exe [ GOOD ]
- [*] Checking process of malware analysis tool: Wireshark.exe [ GOOD ]
- [*] Checking process of malware analysis tool: dumpcap.exe [ GOOD ]
- [*] Checking process of malware analysis tool: HookExplorer.exe [ GOOD ]
- [*] Checking process of malware analysis tool: ImportREC.exe [ GOOD ]
- [*] Checking process of malware analysis tool: PETools.exe [ GOOD ]
- [*] Checking process of malware analysis tool: LordPE.exe [ GOOD ]
- [*] Checking process of malware analysis tool: SysInspector.exe [ GOOD ]
- [*] Checking process of malware analysis tool: proc_analyzer.exe [ GOOD ]
- [*] Checking process of malware analysis tool: sysAnalyzer.exe [ GOOD ]
- [*] Checking process of malware analysis tool: sniff_hit.exe [ GOOD ]
- [*] Checking process of malware analysis tool: windbg.exe [ GOOD ]
- [*] Checking process of malware analysis tool: joeboxcontrol.exe [ GOOD ]
- [*] Checking process of malware analysis tool: joeboxserver.exe [ GOOD ]
- [*] Checking process of malware analysis tool: joeboxserver.exe [ GOOD ]
- [*] Checking process of malware analysis tool: ResourceHacker.exe [ GOOD ]
- [*] Checking process of malware analysis tool: x32dbg.exe [ GOOD ]
- [*] Checking process of malware analysis tool: x64dbg.exe [ GOOD ]
- [*] Checking process of malware analysis tool: Fiddler.exe [ GOOD ]
- [*] Checking process of malware analysis tool: httpdebugger.exe [ GOOD ]
- [*] Checking process of malware analysis tool: cheatengine-i386.exe [ GOOD ]
- [*] Checking process of malware analysis tool: cheatengine-x86_64.exe [ GOOD ]
- [*] Checking process of malware analysis tool: cheatengine-x86_64-SSE4-AVX2.exe [ GOOD ]
- Begin AntiDisassmConstantCondition
- Begin AntiDisassmAsmJmpSameTarget
- Begin AntiDisassmImpossibleDiasassm
- Begin AntiDisassmFunctionPointer
- Begin AntiDisassmReturnPointerAbuse
- -------------------------[Anti Dumping]-------------------------
- [*] Erasing PE header from memory
- [*] Increasing SizeOfImage in PE Header to: 0x100000
- Analysis done, I hope you didn't get red flags :)