API tools faq
paste
Guest User

Al-khaser log (:

a guest
Nov 27th, 2023
77
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 34.58 KB | None | 0 0
raw download clone embed print report
  1. [al-khaser version 0.82]
  2. -------------------------[Initialisation]-------------------------
  3.  
  4. [*] You are running: Microsoft Windows 10 (build 19045) 64-bit
  5. [*] All APIs present and accounted for.
  6.  
  7. -------------------------[TLS Callbacks]-------------------------
  8. [*] TLS process attach callback [ GOOD ]
  9. [*] TLS thread attach callback [ GOOD ]
  10.  
  11. -------------------------[Debugger Detection]-------------------------
  12. [*] Checking IsDebuggerPresent API [ GOOD ]
  13. [*] Checking PEB.BeingDebugged [ GOOD ]
  14. [*] Checking CheckRemoteDebuggerPresent API [ GOOD ]
  15. [*] Checking PEB.NtGlobalFlag [ GOOD ]
  16. [*] Checking ProcessHeap.Flags [ GOOD ]
  17. [*] Checking ProcessHeap.ForceFlags [ GOOD ]
  18. [*] Checking Low Fragmentation Heap [ GOOD ]
  19. [*] Checking NtQueryInformationProcess with ProcessDebugPort [ GOOD ]
  20. [*] Checking NtQueryInformationProcess with ProcessDebugFlags [ GOOD ]
  21. [*] Checking NtQueryInformationProcess with ProcessDebugObject [ GOOD ]
  22. [*] Checking WudfIsAnyDebuggerPresent API [ GOOD ]
  23. [*] Checking WudfIsKernelDebuggerPresent API [ GOOD ]
  24. [*] Checking WudfIsUserDebuggerPresent API [ GOOD ]
  25. [*] Checking NtSetInformationThread with ThreadHideFromDebugger [ GOOD ]
  26. [*] Checking CloseHandle with an invalide handle [ GOOD ]
  27. [*] Checking NtSystemDebugControl [ GOOD ]
  28. [*] Checking UnhandledExcepFilterTest [ GOOD ]
  29. [*] Checking OutputDebugString [ GOOD ]
  30. [*] Checking Hardware Breakpoints [ GOOD ]
  31. [*] Checking Software Breakpoints [ BAD ]
  32. [*] Checking Interupt 0x2d [ GOOD ]
  33. [*] Checking Interupt 1 [ GOOD ]
  34. [*] Checking trap flag [ GOOD ]
  35. [*] Checking Memory Breakpoints PAGE GUARD [ GOOD ]
  36. [*] Checking If Parent Process is explorer.exe [ GOOD ]
  37. [*] Checking SeDebugPrivilege [ GOOD ]
  38. [*] Checking NtQueryObject with ObjectTypeInformation [ GOOD ]
  39. [*] Checking NtQueryObject with ObjectAllTypesInformation [ GOOD ]
  40. [*] Checking NtYieldExecution [ GOOD ]
  41. [*] Checking CloseHandle protected handle trick [ GOOD ]
  42. [*] Checking NtQuerySystemInformation with SystemKernelDebuggerInformation [ GOOD ]
  43. [*] Checking SharedUserData->KdDebuggerEnabled [ GOOD ]
  44. [*] Checking if process is in a job [ GOOD ]
  45. [*] Checking VirtualAlloc write watch (buffer only) [ GOOD ]
  46. [*] Checking VirtualAlloc write watch (API calls) [ GOOD ]
  47. [*] Checking VirtualAlloc write watch (IsDebuggerPresent) [ GOOD ]
  48. [*] Checking VirtualAlloc write watch (code write) [ GOOD ]
  49. [*] Checking for page exception breakpoints [ GOOD ]
  50. [*] Checking for API hooks outside module bounds [ GOOD ]
  51.  
  52. -------------------------[DLL Injection Detection]-------------------------
  53. [*] Enumerating modules with EnumProcessModulesEx [32-bit] [ GOOD ]
  54. [*] Enumerating modules with EnumProcessModulesEx [64-bit] [ GOOD ]
  55. [*] Enumerating modules with EnumProcessModulesEx [ALL] [ GOOD ]
  56. [*] Enumerating modules with ToolHelp32 [ GOOD ]
  57. [*] Enumerating the process LDR via LdrEnumerateLoadedModules [ GOOD ]
  58. [*] Enumerating the process LDR directly [ GOOD ]
  59. [*] Walking process memory with GetModuleInformation [ GOOD ]
  60. [*] Walking process memory for hidden modules [ GOOD ]
  61. [*] Walking process memory for .NET module structures [ GOOD ]
  62.  
  63. -------------------------[Generic Sandboxe/VM Detection]-------------------------
  64. [*] Checking if process loaded modules contains: avghookx.dll [ GOOD ]
  65. [*] Checking if process loaded modules contains: avghooka.dll [ GOOD ]
  66. [*] Checking if process loaded modules contains: snxhk.dll [ GOOD ]
  67. [*] Checking if process loaded modules contains: sbiedll.dll [ GOOD ]
  68. [*] Checking if process loaded modules contains: dbghelp.dll [ GOOD ]
  69. [*] Checking if process loaded modules contains: api_log.dll [ GOOD ]
  70. [*] Checking if process loaded modules contains: dir_watch.dll [ GOOD ]
  71. [*] Checking if process loaded modules contains: pstorec.dll [ GOOD ]
  72. [*] Checking if process loaded modules contains: vmcheck.dll [ GOOD ]
  73. [*] Checking if process loaded modules contains: wpespy.dll [ GOOD ]
  74. [*] Checking if process loaded modules contains: cmdvrt64.dll [ GOOD ]
  75. [*] Checking if process loaded modules contains: cmdvrt32.dll [ GOOD ]
  76. [*] Checking if process file name contains: sample.exe [ GOOD ]
  77. [*] Checking if process file name contains: bot.exe [ GOOD ]
  78. [*] Checking if process file name contains: sandbox.exe [ GOOD ]
  79. [*] Checking if process file name contains: malware.exe [ GOOD ]
  80. [*] Checking if process file name contains: test.exe [ GOOD ]
  81. [*] Checking if process file name contains: klavme.exe [ GOOD ]
  82. [*] Checking if process file name contains: myapp.exe [ GOOD ]
  83. [*] Checking if process file name contains: testapp.exe [ GOOD ]
  84. [*] Checking if process file name looks like a hash: al-khaser [ GOOD ]
  85. [*] Checking if username matches : CurrentUser [ GOOD ]
  86. [*] Checking if username matches : Sandbox [ GOOD ]
  87. [*] Checking if username matches : Emily [ GOOD ]
  88. [*] Checking if username matches : HAPUBWS [ GOOD ]
  89. [*] Checking if username matches : Hong Lee [ GOOD ]
  90. [*] Checking if username matches : IT-ADMIN [ GOOD ]
  91. [*] Checking if username matches : Johnson [ GOOD ]
  92. [*] Checking if username matches : Miller [ GOOD ]
  93. [*] Checking if username matches : milozs [ GOOD ]
  94. [*] Checking if username matches : Peter Wilson [ GOOD ]
  95. [*] Checking if username matches : timmy [ GOOD ]
  96. [*] Checking if username matches : user [ GOOD ]
  97. [*] Checking if username matches : sand box [ GOOD ]
  98. [*] Checking if username matches : malware [ GOOD ]
  99. [*] Checking if username matches : maltest [ GOOD ]
  100. [*] Checking if username matches : test user [ GOOD ]
  101. [*] Checking if username matches : virus [ GOOD ]
  102. [*] Checking if username matches : John Doe [ GOOD ]
  103. [*] Checking if hostname matches : SANDBOX [ GOOD ]
  104. [*] Checking if hostname matches : 7SILVIA [ GOOD ]
  105. [*] Checking if hostname matches : HANSPETER-PC [ GOOD ]
  106. [*] Checking if hostname matches : JOHN-PC [ GOOD ]
  107. [*] Checking if hostname matches : MUELLER-PC [ GOOD ]
  108. [*] Checking if hostname matches : WIN7-TRAPS [ GOOD ]
  109. [*] Checking if hostname matches : FORTINET [ GOOD ]
  110. [*] Checking if hostname matches : TEQUILABOOMBOOM [ GOOD ]
  111. [*] Checking whether username is 'Wilber' and NetBIOS name starts with 'SC' or 'SW' [ GOOD ]
  112. [*] Checking whether username is 'admin' and NetBIOS name is 'SystemIT' [ GOOD ]
  113. [*] Checking whether username is 'admin' and DNS hostname is 'KLONE_X64-PC' [ GOOD ]
  114. [*] Checking whether username is 'John' and two sandbox files exist [ GOOD ]
  115. [*] Checking whether four known sandbox 'email' file paths exist [ GOOD ]
  116. [*] Checking whether three known sandbox 'foobar' files exist [ GOOD ]
  117. [*] Checking Number of processors in machine [ GOOD ]
  118. [*] Checking Interupt Descriptor Table location [ GOOD ]
  119. [*] Checking Local Descriptor Table location [ BAD ]
  120. [*] Checking Global Descriptor Table location [ GOOD ]
  121. [*] Checking Store Task Register [ GOOD ]
  122. [*] Checking Number of cores in machine using WMI [ GOOD ]
  123. [*] Checking hard disk size using WMI [ GOOD ]
  124. [*] Checking hard disk size using DeviceIoControl [ GOOD ]
  125. [*] Checking SetupDi_diskdrive [ GOOD ]
  126. [*] Checking mouse movement [ GOOD ]
  127. [*] Checking lack of user input [ GOOD ]
  128. [*] Checking memory space using GlobalMemoryStatusEx [ GOOD ]
  129. [*] Checking disk size using GetDiskFreeSpaceEx [ GOOD ]
  130. [*] Checking if CPU hypervisor field is set using cpuid(0x1) [ GOOD ]
  131. [*] Checking hypervisor vendor using cpuid(0x40000000) [ GOOD ]
  132. [*] Check if time has been accelerated [ GOOD ]
  133. [*] VM Driver Services [ GOOD ]
  134. [*] Checking SerialNumber from BIOS using WMI [ GOOD ]
  135. [*] Checking Model from ComputerSystem using WMI [ GOOD ]
  136. [*] Checking Manufacturer from ComputerSystem using WMI [ BAD ]
  137. [*] Checking Current Temperature using WMI [ GOOD ]
  138. [*] Checking ProcessId using WMI [ GOOD ]
  139. [*] Checking power capabilities [ BAD ]
  140. [*] Checking CPU fan using WMI [ BAD ]
  141. [*] Checking NtQueryLicenseValue with Kernel-VMDetection-Private [ GOOD ]
  142. [*] Checking Win32_CacheMemory with WMI [ BAD ]
  143. [*] Checking Win32_PhysicalMemory with WMI [ GOOD ]
  144. [*] Checking Win32_MemoryDevice with WMI [ BAD ]
  145. [*] Checking Win32_MemoryArray with WMI [ GOOD ]
  146. [*] Checking Win32_VoltageProbe with WMI [ BAD ]
  147. [*] Checking Win32_PortConnector with WMI [ BAD ]
  148. [*] Checking Win32_SMBIOSMemory with WMI [ GOOD ]
  149. [*] Checking ThermalZoneInfo performance counters with WMI [ BAD ]
  150. [*] Checking CIM_Memory with WMI [ BAD ]
  151. [*] Checking CIM_Sensor with WMI [ BAD ]
  152. [*] Checking CIM_NumericSensor with WMI [ BAD ]
  153. [*] Checking CIM_TemperatureSensor with WMI [ BAD ]
  154. [*] Checking CIM_VoltageSensor with WMI [ BAD ]
  155. [*] Checking CIM_PhysicalConnector with WMI [ BAD ]
  156. [*] Checking CIM_Slot with WMI [ BAD ]
  157. [*] Checking if Windows is Genuine [ GOOD ]
  158. [*] Checking Services\Disk\Enum entries for VM strings [ GOOD ]
  159. [*] Checking Enum\IDE and Enum\SCSI entries for VM strings [ BAD ]
  160.  
  161. -------------------------[VirtualBox Detection]-------------------------
  162. [*] Checking reg key HARDWARE\Description\System - Identifier is set to VBOX [ GOOD ]
  163. [*] Checking reg key HARDWARE\Description\System - SystemBiosVersion is set to VBOX [ GOOD ]
  164. [*] Checking reg key HARDWARE\Description\System - VideoBiosVersion is set to VIRTUALBOX [ GOOD ]
  165. [*] Checking reg key HARDWARE\Description\System - SystemBiosDate is set to 06/23/99 [ GOOD ]
  166. [*] Checking VirtualBox Guest Additions directory [ GOOD ]
  167. [*] Checking file C:\Windows\System32\drivers\VBoxMouse.sys [ GOOD ]
  168. [*] Checking file C:\Windows\System32\drivers\VBoxGuest.sys [ GOOD ]
  169. [*] Checking file C:\Windows\System32\drivers\VBoxSF.sys [ GOOD ]
  170. [*] Checking file C:\Windows\System32\drivers\VBoxVideo.sys [ GOOD ]
  171. [*] Checking file C:\Windows\System32\vboxdisp.dll [ GOOD ]
  172. [*] Checking file C:\Windows\System32\vboxhook.dll [ GOOD ]
  173. [*] Checking file C:\Windows\System32\vboxmrxnp.dll [ GOOD ]
  174. [*] Checking file C:\Windows\System32\vboxogl.dll [ GOOD ]
  175. [*] Checking file C:\Windows\System32\vboxoglarrayspu.dll [ GOOD ]
  176. [*] Checking file C:\Windows\System32\vboxoglcrutil.dll [ GOOD ]
  177. [*] Checking file C:\Windows\System32\vboxoglerrorspu.dll [ GOOD ]
  178. [*] Checking file C:\Windows\System32\vboxoglfeedbackspu.dll [ GOOD ]
  179. [*] Checking file C:\Windows\System32\vboxoglpackspu.dll [ GOOD ]
  180. [*] Checking file C:\Windows\System32\vboxoglpassthroughspu.dll [ GOOD ]
  181. [*] Checking file C:\Windows\System32\vboxservice.exe [ GOOD ]
  182. [*] Checking file C:\Windows\System32\vboxtray.exe [ GOOD ]
  183. [*] Checking file C:\Windows\System32\VBoxControl.exe [ GOOD ]
  184. [*] Checking reg key HARDWARE\ACPI\DSDT\VBOX__ [ GOOD ]
  185. [*] Checking reg key HARDWARE\ACPI\FADT\VBOX__ [ GOOD ]
  186. [*] Checking reg key HARDWARE\ACPI\RSDT\VBOX__ [ GOOD ]
  187. [*] Checking reg key SOFTWARE\Oracle\VirtualBox Guest Additions [ GOOD ]
  188. [*] Checking reg key SYSTEM\ControlSet001\Services\VBoxGuest [ GOOD ]
  189. [*] Checking reg key SYSTEM\ControlSet001\Services\VBoxMouse [ GOOD ]
  190. [*] Checking reg key SYSTEM\ControlSet001\Services\VBoxService [ GOOD ]
  191. [*] Checking reg key SYSTEM\ControlSet001\Services\VBoxSF [ GOOD ]
  192. [*] Checking reg key SYSTEM\ControlSet001\Services\VBoxVideo [ GOOD ]
  193. [*] Checking Mac Address start with 08:00:27 [ GOOD ]
  194. [*] Checking MAC address (Hybrid Analysis) [ GOOD ]
  195. [*] Checking device \\.\VBoxMiniRdrDN [ GOOD ]
  196. [*] Checking device \\.\VBoxGuest [ GOOD ]
  197. [*] Checking device \\.\pipe\VBoxMiniRdDN [ GOOD ]
  198. [*] Checking device \\.\VBoxTrayIPC [ GOOD ]
  199. [*] Checking device \\.\pipe\VBoxTrayIPC [ GOOD ]
  200. [*] Checking VBoxTrayToolWndClass / VBoxTrayToolWnd [ GOOD ]
  201. [*] Checking VirtualBox Shared Folders network provider [ GOOD ]
  202. [*] Checking VirtualBox process vboxservice.exe [ GOOD ]
  203. [*] Checking VirtualBox process vboxtray.exe [ GOOD ]
  204. [*] Checking Win32_PnPDevice DeviceId from WMI for VBox PCI device [ GOOD ]
  205. [*] Checking Win32_PnPDevice Name from WMI for VBox controller hardware [ GOOD ]
  206. [*] Checking Win32_PnPDevice Name from WMI for VBOX names [ GOOD ]
  207. [*] Checking Win32_Bus from WMI [ GOOD ]
  208. [*] Checking Win32_BaseBoard from WMI [ GOOD ]
  209. [*] Checking MAC address from WMI [ GOOD ]
  210. [*] Checking NTEventLog from WMI [ GOOD ]
  211. [*] Checking SMBIOS firmware [ GOOD ]
  212. [*] Checking ACPI tables [ GOOD ]
  213.  
  214. -------------------------[VMWare Detection]-------------------------
  215. [*] Checking reg key HARDWARE\DEVICEMAP\Scsi\Scsi Port 0\Scsi Bus 0\Target Id 0\Logical Unit Id 0 [ GOOD ]
  216. [*] Checking reg key HARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0 [ GOOD ]
  217. [*] Checking reg key HARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0 [ GOOD ]
  218. [*] Checking reg key SYSTEM\ControlSet001\Control\SystemInformation [ GOOD ]
  219. [*] Checking reg key SYSTEM\ControlSet001\Control\SystemInformation [ GOOD ]
  220. [*] Checking reg key SOFTWARE\VMware, Inc.\VMware Tools [ GOOD ]
  221. [*] Checking file C:\Windows\System32\drivers\vmnet.sys [ GOOD ]
  222. [*] Checking file C:\Windows\System32\drivers\vmmouse.sys [ GOOD ]
  223. [*] Checking file C:\Windows\System32\drivers\vmusb.sys [ GOOD ]
  224. [*] Checking file C:\Windows\System32\drivers\vm3dmp.sys [ GOOD ]
  225. [*] Checking file C:\Windows\System32\drivers\vmci.sys [ GOOD ]
  226. [*] Checking file C:\Windows\System32\drivers\vmhgfs.sys [ GOOD ]
  227. [*] Checking file C:\Windows\System32\drivers\vmmemctl.sys [ GOOD ]
  228. [*] Checking file C:\Windows\System32\drivers\vmx86.sys [ GOOD ]
  229. [*] Checking file C:\Windows\System32\drivers\vmrawdsk.sys [ GOOD ]
  230. [*] Checking file C:\Windows\System32\drivers\vmusbmouse.sys [ GOOD ]
  231. [*] Checking file C:\Windows\System32\drivers\vmkdb.sys [ GOOD ]
  232. [*] Checking file C:\Windows\System32\drivers\vmnetuserif.sys [ GOOD ]
  233. [*] Checking file C:\Windows\System32\drivers\vmnetadapter.sys [ GOOD ]
  234. [*] Checking MAC starting with 00:05:69 [ GOOD ]
  235. [*] Checking MAC starting with 00:0c:29 [ GOOD ]
  236. [*] Checking MAC starting with 00:1C:14 [ GOOD ]
  237. [*] Checking MAC starting with 00:50:56 [ GOOD ]
  238. [*] Checking VMWare network adapter name [ GOOD ]
  239. [*] Checking device \\.\HGFS [ GOOD ]
  240. [*] Checking device \\.\vmci [ GOOD ]
  241. [*] Checking VMWare directory [ GOOD ]
  242. [*] Checking SMBIOS firmware [ GOOD ]
  243. [*] Checking ACPI tables [ GOOD ]
  244.  
  245. -------------------------[Virtual PC Detection]-------------------------
  246. [*] Checking Virtual PC processes VMSrvc.exe [ GOOD ]
  247. [*] Checking Virtual PC processes VMUSrvc.exe [ GOOD ]
  248. [*] Checking reg key SOFTWARE\Microsoft\Virtual Machine\Guest\Parameters [ GOOD ]
  249.  
  250. -------------------------[QEMU Detection]-------------------------
  251. [*] Checking reg key HARDWARE\DEVICEMAP\Scsi\Scsi Port 0\Scsi Bus 0\Target Id 0\Logical Unit Id 0 [ GOOD ]
  252. [*] Checking reg key HARDWARE\Description\System [ GOOD ]
  253. [*] Checking qemu processes qemu-ga.exe [ GOOD ]
  254. [*] Checking qemu processes vdagent.exe [ GOOD ]
  255. [*] Checking qemu processes vdservice.exe [ GOOD ]
  256. [*] Checking QEMU directory C:\Program Files\qemu-ga [ GOOD ]
  257. [*] Checking QEMU directory C:\Program Files\SPICE Guest Tools [ GOOD ]
  258. [*] Checking SMBIOS firmware [ BAD ]
  259. [*] Checking ACPI tables [ GOOD ]
  260.  
  261. -------------------------[Xen Detection]-------------------------
  262. [*] Checking Citrix Xen process xenservice.exe [ GOOD ]
  263. [*] Checking Mac Address start with 08:16:3E [ GOOD ]
  264.  
  265. -------------------------[Xen Detection]-------------------------
  266. [*] Checking file C:\Windows\System32\drivers\balloon.sys [ GOOD ]
  267. [*] Checking file C:\Windows\System32\drivers\netkvm.sys [ GOOD ]
  268. [*] Checking file C:\Windows\System32\drivers\pvpanic.sys [ GOOD ]
  269. [*] Checking file C:\Windows\System32\drivers\viofs.sys [ GOOD ]
  270. [*] Checking file C:\Windows\System32\drivers\viogpudo.sys [ GOOD ]
  271. [*] Checking file C:\Windows\System32\drivers\vioinput.sys [ GOOD ]
  272. [*] Checking file C:\Windows\System32\drivers\viorng.sys [ GOOD ]
  273. [*] Checking file C:\Windows\System32\drivers\vioscsi.sys [ GOOD ]
  274. [*] Checking file C:\Windows\System32\drivers\vioser.sys [ BAD ]
  275. [*] Checking file C:\Windows\System32\drivers\viostor.sys [ GOOD ]
  276. [*] Checking reg key SYSTEM\ControlSet001\Services\vioscsi [ GOOD ]
  277. [*] Checking reg key SYSTEM\ControlSet001\Services\viostor [ GOOD ]
  278. [*] Checking reg key SYSTEM\ControlSet001\Services\VirtIO-FS Service [ GOOD ]
  279. [*] Checking reg key SYSTEM\ControlSet001\Services\VirtioSerial [ BAD ]
  280. [*] Checking reg key SYSTEM\ControlSet001\Services\BALLOON [ GOOD ]
  281. [*] Checking reg key SYSTEM\ControlSet001\Services\BalloonService [ GOOD ]
  282. [*] Checking reg key SYSTEM\ControlSet001\Services\netkvm [ GOOD ]
  283. [*] Checking KVM virio directory [ GOOD ]
  284.  
  285. -------------------------[Wine Detection]-------------------------
  286. [*] Checking Wine via dll exports [ GOOD ]
  287. [*] Checking reg key SOFTWARE\Wine [ GOOD ]
  288.  
  289. -------------------------[Paralles Detection]-------------------------
  290. [*] Checking Parallels processes: prl_cc.exe [ GOOD ]
  291. [*] Checking Parallels processes: prl_tools.exe [ GOOD ]
  292. [*] Checking Mac Address start with 00:1C:42 [ GOOD ]
  293.  
  294. -------------------------[Hyper-V Detection]-------------------------
  295. [*] Checking for Hyper-V driver objects [ GOOD ]
  296. [*] Checking for Hyper-V global objects [ BAD ]
  297.  
  298. -------------------------[Timing-attacks]-------------------------
  299.  
  300. [*] Delay value is set to 10 minutes ...
  301. [*] Performing a sleep using NtDelayExecution ... [ GOOD ]
  302. [*] Performing a sleep() in a loop ... [ GOOD ]
  303. [*] Delaying execution using SetTimer ... [ GOOD ]
  304. [*] Delaying execution using timeSetEvent ... [ GOOD ]
  305. [*] Delaying execution using WaitForSingleObject ... [ GOOD ]
  306. [*] Delaying execution using IcmpSendEcho ... [ GOOD ]
  307. [*] Delaying execution using CreateWaitableTimer ... [ GOOD ]
  308. [*] Delaying execution using CreateTimerQueueTimer ... [ GOOD ]
  309. [*] Checking RDTSC Locky trick [ GOOD ]
  310. [*] Checking RDTSC which force a VM Exit (cpuid) [ BAD ]
  311.  
  312. -------------------------[Analysis-tools]-------------------------
  313. [*] Checking process of malware analysis tool: ollydbg.exe [ GOOD ]
  314. [*] Checking process of malware analysis tool: ProcessHacker.exe [ GOOD ]
  315. [*] Checking process of malware analysis tool: tcpview.exe [ GOOD ]
  316. [*] Checking process of malware analysis tool: autoruns.exe [ GOOD ]
  317. [*] Checking process of malware analysis tool: autorunsc.exe [ GOOD ]
  318. [*] Checking process of malware analysis tool: filemon.exe [ GOOD ]
  319. [*] Checking process of malware analysis tool: procmon.exe [ GOOD ]
  320. [*] Checking process of malware analysis tool: regmon.exe [ GOOD ]
  321. [*] Checking process of malware analysis tool: procexp.exe [ GOOD ]
  322. [*] Checking process of malware analysis tool: idaq.exe [ GOOD ]
  323. [*] Checking process of malware analysis tool: idaq64.exe [ GOOD ]
  324. [*] Checking process of malware analysis tool: ImmunityDebugger.exe [ GOOD ]
  325. [*] Checking process of malware analysis tool: Wireshark.exe [ GOOD ]
  326. [*] Checking process of malware analysis tool: dumpcap.exe [ GOOD ]
  327. [*] Checking process of malware analysis tool: HookExplorer.exe [ GOOD ]
  328. [*] Checking process of malware analysis tool: ImportREC.exe [ GOOD ]
  329. [*] Checking process of malware analysis tool: PETools.exe [ GOOD ]
  330. [*] Checking process of malware analysis tool: LordPE.exe [ GOOD ]
  331. [*] Checking process of malware analysis tool: SysInspector.exe [ GOOD ]
  332. [*] Checking process of malware analysis tool: proc_analyzer.exe [ GOOD ]
  333. [*] Checking process of malware analysis tool: sysAnalyzer.exe [ GOOD ]
  334. [*] Checking process of malware analysis tool: sniff_hit.exe [ GOOD ]
  335. [*] Checking process of malware analysis tool: windbg.exe [ GOOD ]
  336. [*] Checking process of malware analysis tool: joeboxcontrol.exe [ GOOD ]
  337. [*] Checking process of malware analysis tool: joeboxserver.exe [ GOOD ]
  338. [*] Checking process of malware analysis tool: joeboxserver.exe [ GOOD ]
  339. [*] Checking process of malware analysis tool: ResourceHacker.exe [ GOOD ]
  340. [*] Checking process of malware analysis tool: x32dbg.exe [ GOOD ]
  341. [*] Checking process of malware analysis tool: x64dbg.exe [ GOOD ]
  342. [*] Checking process of malware analysis tool: Fiddler.exe [ GOOD ]
  343. [*] Checking process of malware analysis tool: httpdebugger.exe [ GOOD ]
  344. [*] Checking process of malware analysis tool: cheatengine-i386.exe [ GOOD ]
  345. [*] Checking process of malware analysis tool: cheatengine-x86_64.exe [ GOOD ]
  346. [*] Checking process of malware analysis tool: cheatengine-x86_64-SSE4-AVX2.exe [ GOOD ]
  347. Begin AntiDisassmConstantCondition
  348. Begin AntiDisassmAsmJmpSameTarget
  349. Begin AntiDisassmImpossibleDiasassm
  350. Begin AntiDisassmFunctionPointer
  351. Begin AntiDisassmReturnPointerAbuse
  352.  
  353. -------------------------[Anti Dumping]-------------------------
  354. [*] Erasing PE header from memory
  355. [*] Increasing SizeOfImage in PE Header to: 0x100000
  356.  
  357.  
  358. Analysis done, I hope you didn't get red flags :)
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!