Al-khaser log (:

a guest
Nov 27th, 2023
[al-khaser version 0.82]
-------------------------[Initialisation]-------------------------

[*] You are running: Microsoft Windows 10 (build 19045) 64-bit
[*] All APIs present and accounted for.

-------------------------[TLS Callbacks]-------------------------
[*] TLS process attach callback [ GOOD ]
[*] TLS thread attach callback [ GOOD ]

-------------------------[Debugger Detection]-------------------------
[*] Checking IsDebuggerPresent API [ GOOD ]
[*] Checking PEB.BeingDebugged [ GOOD ]
[*] Checking CheckRemoteDebuggerPresent API [ GOOD ]
[*] Checking PEB.NtGlobalFlag [ GOOD ]
[*] Checking ProcessHeap.Flags [ GOOD ]
[*] Checking ProcessHeap.ForceFlags [ GOOD ]
[*] Checking Low Fragmentation Heap [ GOOD ]
[*] Checking NtQueryInformationProcess with ProcessDebugPort [ GOOD ]
[*] Checking NtQueryInformationProcess with ProcessDebugFlags [ GOOD ]
[*] Checking NtQueryInformationProcess with ProcessDebugObject [ GOOD ]
[*] Checking WudfIsAnyDebuggerPresent API [ GOOD ]
[*] Checking WudfIsKernelDebuggerPresent API [ GOOD ]
[*] Checking WudfIsUserDebuggerPresent API [ GOOD ]
[*] Checking NtSetInformationThread with ThreadHideFromDebugger [ GOOD ]
[*] Checking CloseHandle with an invalide handle [ GOOD ]
[*] Checking NtSystemDebugControl [ GOOD ]
[*] Checking UnhandledExcepFilterTest [ GOOD ]
[*] Checking OutputDebugString [ GOOD ]
[*] Checking Hardware Breakpoints [ GOOD ]
[*] Checking Software Breakpoints [ BAD ]
[*] Checking Interupt 0x2d [ GOOD ]
[*] Checking Interupt 1 [ GOOD ]
[*] Checking trap flag [ GOOD ]
[*] Checking Memory Breakpoints PAGE GUARD [ GOOD ]
[*] Checking If Parent Process is explorer.exe [ GOOD ]
[*] Checking SeDebugPrivilege [ GOOD ]
[*] Checking NtQueryObject with ObjectTypeInformation [ GOOD ]
[*] Checking NtQueryObject with ObjectAllTypesInformation [ GOOD ]
[*] Checking NtYieldExecution [ GOOD ]
[*] Checking CloseHandle protected handle trick [ GOOD ]
[*] Checking NtQuerySystemInformation with SystemKernelDebuggerInformation [ GOOD ]
[*] Checking SharedUserData->KdDebuggerEnabled [ GOOD ]
[*] Checking if process is in a job [ GOOD ]
[*] Checking VirtualAlloc write watch (buffer only) [ GOOD ]
[*] Checking VirtualAlloc write watch (API calls) [ GOOD ]
[*] Checking VirtualAlloc write watch (IsDebuggerPresent) [ GOOD ]
[*] Checking VirtualAlloc write watch (code write) [ GOOD ]
[*] Checking for page exception breakpoints [ GOOD ]
[*] Checking for API hooks outside module bounds [ GOOD ]

-------------------------[DLL Injection Detection]-------------------------
[*] Enumerating modules with EnumProcessModulesEx [32-bit] [ GOOD ]
[*] Enumerating modules with EnumProcessModulesEx [64-bit] [ GOOD ]
[*] Enumerating modules with EnumProcessModulesEx [ALL] [ GOOD ]
[*] Enumerating modules with ToolHelp32 [ GOOD ]
[*] Enumerating the process LDR via LdrEnumerateLoadedModules [ GOOD ]
[*] Enumerating the process LDR directly [ GOOD ]
[*] Walking process memory with GetModuleInformation [ GOOD ]
[*] Walking process memory for hidden modules [ GOOD ]
[*] Walking process memory for .NET module structures [ GOOD ]

-------------------------[Generic Sandboxe/VM Detection]-------------------------
[*] Checking if process loaded modules contains: avghookx.dll [ GOOD ]
[*] Checking if process loaded modules contains: avghooka.dll [ GOOD ]
[*] Checking if process loaded modules contains: snxhk.dll [ GOOD ]
[*] Checking if process loaded modules contains: sbiedll.dll [ GOOD ]
[*] Checking if process loaded modules contains: dbghelp.dll [ GOOD ]
[*] Checking if process loaded modules contains: api_log.dll [ GOOD ]
[*] Checking if process loaded modules contains: dir_watch.dll [ GOOD ]
[*] Checking if process loaded modules contains: pstorec.dll [ GOOD ]
[*] Checking if process loaded modules contains: vmcheck.dll [ GOOD ]
[*] Checking if process loaded modules contains: wpespy.dll [ GOOD ]
[*] Checking if process loaded modules contains: cmdvrt64.dll [ GOOD ]
[*] Checking if process loaded modules contains: cmdvrt32.dll [ GOOD ]
[*] Checking if process file name contains: sample.exe [ GOOD ]
[*] Checking if process file name contains: bot.exe [ GOOD ]
[*] Checking if process file name contains: sandbox.exe [ GOOD ]
[*] Checking if process file name contains: malware.exe [ GOOD ]
[*] Checking if process file name contains: test.exe [ GOOD ]
[*] Checking if process file name contains: klavme.exe [ GOOD ]
[*] Checking if process file name contains: myapp.exe [ GOOD ]
[*] Checking if process file name contains: testapp.exe [ GOOD ]
[*] Checking if process file name looks like a hash: al-khaser [ GOOD ]
[*] Checking if username matches : CurrentUser [ GOOD ]
[*] Checking if username matches : Sandbox [ GOOD ]
[*] Checking if username matches : Emily [ GOOD ]
[*] Checking if username matches : HAPUBWS [ GOOD ]
[*] Checking if username matches : Hong Lee [ GOOD ]
[*] Checking if username matches : IT-ADMIN [ GOOD ]
[*] Checking if username matches : Johnson [ GOOD ]
[*] Checking if username matches : Miller [ GOOD ]
[*] Checking if username matches : milozs [ GOOD ]
[*] Checking if username matches : Peter Wilson [ GOOD ]
[*] Checking if username matches : timmy [ GOOD ]
[*] Checking if username matches : user [ GOOD ]
[*] Checking if username matches : sand box [ GOOD ]
[*] Checking if username matches : malware [ GOOD ]
[*] Checking if username matches : maltest [ GOOD ]
[*] Checking if username matches : test user [ GOOD ]
[*] Checking if username matches : virus [ GOOD ]
[*] Checking if username matches : John Doe [ GOOD ]
[*] Checking if hostname matches : SANDBOX [ GOOD ]
[*] Checking if hostname matches : 7SILVIA [ GOOD ]
[*] Checking if hostname matches : HANSPETER-PC [ GOOD ]
[*] Checking if hostname matches : JOHN-PC [ GOOD ]
[*] Checking if hostname matches : MUELLER-PC [ GOOD ]
[*] Checking if hostname matches : WIN7-TRAPS [ GOOD ]
[*] Checking if hostname matches : FORTINET [ GOOD ]
[*] Checking if hostname matches : TEQUILABOOMBOOM [ GOOD ]
[*] Checking whether username is 'Wilber' and NetBIOS name starts with 'SC' or 'SW' [ GOOD ]
[*] Checking whether username is 'admin' and NetBIOS name is 'SystemIT' [ GOOD ]
[*] Checking whether username is 'admin' and DNS hostname is 'KLONE_X64-PC' [ GOOD ]
[*] Checking whether username is 'John' and two sandbox files exist [ GOOD ]
[*] Checking whether four known sandbox 'email' file paths exist [ GOOD ]
[*] Checking whether three known sandbox 'foobar' files exist [ GOOD ]
[*] Checking Number of processors in machine [ GOOD ]
[*] Checking Interupt Descriptor Table location [ GOOD ]
[*] Checking Local Descriptor Table location [ BAD ]
[*] Checking Global Descriptor Table location [ GOOD ]
[*] Checking Store Task Register [ GOOD ]
[*] Checking Number of cores in machine using WMI [ GOOD ]
[*] Checking hard disk size using WMI [ GOOD ]
[*] Checking hard disk size using DeviceIoControl [ GOOD ]
[*] Checking SetupDi_diskdrive [ GOOD ]
[*] Checking mouse movement [ GOOD ]
[*] Checking lack of user input [ GOOD ]
[*] Checking memory space using GlobalMemoryStatusEx [ GOOD ]
[*] Checking disk size using GetDiskFreeSpaceEx [ GOOD ]
[*] Checking if CPU hypervisor field is set using cpuid(0x1) [ GOOD ]
[*] Checking hypervisor vendor using cpuid(0x40000000) [ GOOD ]
[*] Check if time has been accelerated [ GOOD ]
[*] VM Driver Services [ GOOD ]
[*] Checking SerialNumber from BIOS using WMI [ GOOD ]
[*] Checking Model from ComputerSystem using WMI [ GOOD ]
[*] Checking Manufacturer from ComputerSystem using WMI [ BAD ]
[*] Checking Current Temperature using WMI [ GOOD ]
[*] Checking ProcessId using WMI [ GOOD ]
[*] Checking power capabilities [ BAD ]
[*] Checking CPU fan using WMI [ BAD ]
[*] Checking NtQueryLicenseValue with Kernel-VMDetection-Private [ GOOD ]
[*] Checking Win32_CacheMemory with WMI [ BAD ]
[*] Checking Win32_PhysicalMemory with WMI [ GOOD ]
[*] Checking Win32_MemoryDevice with WMI [ BAD ]
[*] Checking Win32_MemoryArray with WMI [ GOOD ]
[*] Checking Win32_VoltageProbe with WMI [ BAD ]
[*] Checking Win32_PortConnector with WMI [ BAD ]
[*] Checking Win32_SMBIOSMemory with WMI [ GOOD ]
[*] Checking ThermalZoneInfo performance counters with WMI [ BAD ]
[*] Checking CIM_Memory with WMI [ BAD ]
[*] Checking CIM_Sensor with WMI [ BAD ]
[*] Checking CIM_NumericSensor with WMI [ BAD ]
[*] Checking CIM_TemperatureSensor with WMI [ BAD ]
[*] Checking CIM_VoltageSensor with WMI [ BAD ]
[*] Checking CIM_PhysicalConnector with WMI [ BAD ]
[*] Checking CIM_Slot with WMI [ BAD ]
[*] Checking if Windows is Genuine [ GOOD ]
[*] Checking Services\Disk\Enum entries for VM strings [ GOOD ]
[*] Checking Enum\IDE and Enum\SCSI entries for VM strings [ BAD ]

-------------------------[VirtualBox Detection]-------------------------
[*] Checking reg key HARDWARE\Description\System - Identifier is set to VBOX [ GOOD ]
[*] Checking reg key HARDWARE\Description\System - SystemBiosVersion is set to VBOX [ GOOD ]
[*] Checking reg key HARDWARE\Description\System - VideoBiosVersion is set to VIRTUALBOX [ GOOD ]
[*] Checking reg key HARDWARE\Description\System - SystemBiosDate is set to 06/23/99 [ GOOD ]
[*] Checking VirtualBox Guest Additions directory [ GOOD ]
[*] Checking file C:\Windows\System32\drivers\VBoxMouse.sys [ GOOD ]
[*] Checking file C:\Windows\System32\drivers\VBoxGuest.sys [ GOOD ]
[*] Checking file C:\Windows\System32\drivers\VBoxSF.sys [ GOOD ]
[*] Checking file C:\Windows\System32\drivers\VBoxVideo.sys [ GOOD ]
[*] Checking file C:\Windows\System32\vboxdisp.dll [ GOOD ]
[*] Checking file C:\Windows\System32\vboxhook.dll [ GOOD ]
[*] Checking file C:\Windows\System32\vboxmrxnp.dll [ GOOD ]
[*] Checking file C:\Windows\System32\vboxogl.dll [ GOOD ]
[*] Checking file C:\Windows\System32\vboxoglarrayspu.dll [ GOOD ]
[*] Checking file C:\Windows\System32\vboxoglcrutil.dll [ GOOD ]
[*] Checking file C:\Windows\System32\vboxoglerrorspu.dll [ GOOD ]
[*] Checking file C:\Windows\System32\vboxoglfeedbackspu.dll [ GOOD ]
[*] Checking file C:\Windows\System32\vboxoglpackspu.dll [ GOOD ]
[*] Checking file C:\Windows\System32\vboxoglpassthroughspu.dll [ GOOD ]
[*] Checking file C:\Windows\System32\vboxservice.exe [ GOOD ]
[*] Checking file C:\Windows\System32\vboxtray.exe [ GOOD ]
[*] Checking file C:\Windows\System32\VBoxControl.exe [ GOOD ]
[*] Checking reg key HARDWARE\ACPI\DSDT\VBOX__ [ GOOD ]
[*] Checking reg key HARDWARE\ACPI\FADT\VBOX__ [ GOOD ]
[*] Checking reg key HARDWARE\ACPI\RSDT\VBOX__ [ GOOD ]
[*] Checking reg key SOFTWARE\Oracle\VirtualBox Guest Additions [ GOOD ]
[*] Checking reg key SYSTEM\ControlSet001\Services\VBoxGuest [ GOOD ]
[*] Checking reg key SYSTEM\ControlSet001\Services\VBoxMouse [ GOOD ]
[*] Checking reg key SYSTEM\ControlSet001\Services\VBoxService [ GOOD ]
[*] Checking reg key SYSTEM\ControlSet001\Services\VBoxSF [ GOOD ]
[*] Checking reg key SYSTEM\ControlSet001\Services\VBoxVideo [ GOOD ]
[*] Checking Mac Address start with 08:00:27 [ GOOD ]
[*] Checking MAC address (Hybrid Analysis) [ GOOD ]
[*] Checking device \\.\VBoxMiniRdrDN [ GOOD ]
[*] Checking device \\.\VBoxGuest [ GOOD ]
[*] Checking device \\.\pipe\VBoxMiniRdDN [ GOOD ]
[*] Checking device \\.\VBoxTrayIPC [ GOOD ]
[*] Checking device \\.\pipe\VBoxTrayIPC [ GOOD ]
[*] Checking VBoxTrayToolWndClass / VBoxTrayToolWnd [ GOOD ]
[*] Checking VirtualBox Shared Folders network provider [ GOOD ]
[*] Checking VirtualBox process vboxservice.exe [ GOOD ]
[*] Checking VirtualBox process vboxtray.exe [ GOOD ]
[*] Checking Win32_PnPDevice DeviceId from WMI for VBox PCI device [ GOOD ]
[*] Checking Win32_PnPDevice Name from WMI for VBox controller hardware [ GOOD ]
[*] Checking Win32_PnPDevice Name from WMI for VBOX names [ GOOD ]
[*] Checking Win32_Bus from WMI [ GOOD ]
[*] Checking Win32_BaseBoard from WMI [ GOOD ]
[*] Checking MAC address from WMI [ GOOD ]
[*] Checking NTEventLog from WMI [ GOOD ]
[*] Checking SMBIOS firmware [ GOOD ]
[*] Checking ACPI tables [ GOOD ]

-------------------------[VMWare Detection]-------------------------
[*] Checking reg key HARDWARE\DEVICEMAP\Scsi\Scsi Port 0\Scsi Bus 0\Target Id 0\Logical Unit Id 0 [ GOOD ]
[*] Checking reg key HARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0 [ GOOD ]
[*] Checking reg key HARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0 [ GOOD ]
[*] Checking reg key SYSTEM\ControlSet001\Control\SystemInformation [ GOOD ]
[*] Checking reg key SYSTEM\ControlSet001\Control\SystemInformation [ GOOD ]
[*] Checking reg key SOFTWARE\VMware, Inc.\VMware Tools [ GOOD ]
[*] Checking file C:\Windows\System32\drivers\vmnet.sys [ GOOD ]
[*] Checking file C:\Windows\System32\drivers\vmmouse.sys [ GOOD ]
[*] Checking file C:\Windows\System32\drivers\vmusb.sys [ GOOD ]
[*] Checking file C:\Windows\System32\drivers\vm3dmp.sys [ GOOD ]
[*] Checking file C:\Windows\System32\drivers\vmci.sys [ GOOD ]
[*] Checking file C:\Windows\System32\drivers\vmhgfs.sys [ GOOD ]
[*] Checking file C:\Windows\System32\drivers\vmmemctl.sys [ GOOD ]
[*] Checking file C:\Windows\System32\drivers\vmx86.sys [ GOOD ]
[*] Checking file C:\Windows\System32\drivers\vmrawdsk.sys [ GOOD ]
[*] Checking file C:\Windows\System32\drivers\vmusbmouse.sys [ GOOD ]
[*] Checking file C:\Windows\System32\drivers\vmkdb.sys [ GOOD ]
[*] Checking file C:\Windows\System32\drivers\vmnetuserif.sys [ GOOD ]
[*] Checking file C:\Windows\System32\drivers\vmnetadapter.sys [ GOOD ]
[*] Checking MAC starting with 00:05:69 [ GOOD ]
[*] Checking MAC starting with 00:0c:29 [ GOOD ]
[*] Checking MAC starting with 00:1C:14 [ GOOD ]
[*] Checking MAC starting with 00:50:56 [ GOOD ]
[*] Checking VMWare network adapter name [ GOOD ]
[*] Checking device \\.\HGFS [ GOOD ]
[*] Checking device \\.\vmci [ GOOD ]
[*] Checking VMWare directory [ GOOD ]
[*] Checking SMBIOS firmware [ GOOD ]
[*] Checking ACPI tables [ GOOD ]

-------------------------[Virtual PC Detection]-------------------------
[*] Checking Virtual PC processes VMSrvc.exe [ GOOD ]
[*] Checking Virtual PC processes VMUSrvc.exe [ GOOD ]
[*] Checking reg key SOFTWARE\Microsoft\Virtual Machine\Guest\Parameters [ GOOD ]

-------------------------[QEMU Detection]-------------------------
[*] Checking reg key HARDWARE\DEVICEMAP\Scsi\Scsi Port 0\Scsi Bus 0\Target Id 0\Logical Unit Id 0 [ GOOD ]
[*] Checking reg key HARDWARE\Description\System [ GOOD ]
[*] Checking qemu processes qemu-ga.exe [ GOOD ]
[*] Checking qemu processes vdagent.exe [ GOOD ]
[*] Checking qemu processes vdservice.exe [ GOOD ]
[*] Checking QEMU directory C:\Program Files\qemu-ga [ GOOD ]
[*] Checking QEMU directory C:\Program Files\SPICE Guest Tools [ GOOD ]
[*] Checking SMBIOS firmware [ BAD ]
[*] Checking ACPI tables [ GOOD ]

-------------------------[Xen Detection]-------------------------
[*] Checking Citrix Xen process xenservice.exe [ GOOD ]
[*] Checking Mac Address start with 08:16:3E [ GOOD ]

-------------------------[Xen Detection]-------------------------
[*] Checking file C:\Windows\System32\drivers\balloon.sys [ GOOD ]
[*] Checking file C:\Windows\System32\drivers\netkvm.sys [ GOOD ]
[*] Checking file C:\Windows\System32\drivers\pvpanic.sys [ GOOD ]
[*] Checking file C:\Windows\System32\drivers\viofs.sys [ GOOD ]
[*] Checking file C:\Windows\System32\drivers\viogpudo.sys [ GOOD ]
[*] Checking file C:\Windows\System32\drivers\vioinput.sys [ GOOD ]
[*] Checking file C:\Windows\System32\drivers\viorng.sys [ GOOD ]
[*] Checking file C:\Windows\System32\drivers\vioscsi.sys [ GOOD ]
[*] Checking file C:\Windows\System32\drivers\vioser.sys [ BAD ]
[*] Checking file C:\Windows\System32\drivers\viostor.sys [ GOOD ]
[*] Checking reg key SYSTEM\ControlSet001\Services\vioscsi [ GOOD ]
[*] Checking reg key SYSTEM\ControlSet001\Services\viostor [ GOOD ]
[*] Checking reg key SYSTEM\ControlSet001\Services\VirtIO-FS Service [ GOOD ]
[*] Checking reg key SYSTEM\ControlSet001\Services\VirtioSerial [ BAD ]
[*] Checking reg key SYSTEM\ControlSet001\Services\BALLOON [ GOOD ]
[*] Checking reg key SYSTEM\ControlSet001\Services\BalloonService [ GOOD ]
[*] Checking reg key SYSTEM\ControlSet001\Services\netkvm [ GOOD ]
[*] Checking KVM virio directory [ GOOD ]

-------------------------[Wine Detection]-------------------------
[*] Checking Wine via dll exports [ GOOD ]
[*] Checking reg key SOFTWARE\Wine [ GOOD ]

-------------------------[Paralles Detection]-------------------------
[*] Checking Parallels processes: prl_cc.exe [ GOOD ]
[*] Checking Parallels processes: prl_tools.exe [ GOOD ]
[*] Checking Mac Address start with 00:1C:42 [ GOOD ]

-------------------------[Hyper-V Detection]-------------------------
[*] Checking for Hyper-V driver objects [ GOOD ]
[*] Checking for Hyper-V global objects [ BAD ]

-------------------------[Timing-attacks]-------------------------

[*] Delay value is set to 10 minutes ...
[*] Performing a sleep using NtDelayExecution ... [ GOOD ]
[*] Performing a sleep() in a loop ... [ GOOD ]
[*] Delaying execution using SetTimer ... [ GOOD ]
[*] Delaying execution using timeSetEvent ... [ GOOD ]
[*] Delaying execution using WaitForSingleObject ... [ GOOD ]
[*] Delaying execution using IcmpSendEcho ... [ GOOD ]
[*] Delaying execution using CreateWaitableTimer ... [ GOOD ]
[*] Delaying execution using CreateTimerQueueTimer ... [ GOOD ]
[*] Checking RDTSC Locky trick [ GOOD ]
[*] Checking RDTSC which force a VM Exit (cpuid) [ BAD ]

-------------------------[Analysis-tools]-------------------------
[*] Checking process of malware analysis tool: ollydbg.exe [ GOOD ]
[*] Checking process of malware analysis tool: ProcessHacker.exe [ GOOD ]
[*] Checking process of malware analysis tool: tcpview.exe [ GOOD ]
[*] Checking process of malware analysis tool: autoruns.exe [ GOOD ]
[*] Checking process of malware analysis tool: autorunsc.exe [ GOOD ]
[*] Checking process of malware analysis tool: filemon.exe [ GOOD ]
[*] Checking process of malware analysis tool: procmon.exe [ GOOD ]
[*] Checking process of malware analysis tool: regmon.exe [ GOOD ]
[*] Checking process of malware analysis tool: procexp.exe [ GOOD ]
[*] Checking process of malware analysis tool: idaq.exe [ GOOD ]
[*] Checking process of malware analysis tool: idaq64.exe [ GOOD ]
[*] Checking process of malware analysis tool: ImmunityDebugger.exe [ GOOD ]
[*] Checking process of malware analysis tool: Wireshark.exe [ GOOD ]
[*] Checking process of malware analysis tool: dumpcap.exe [ GOOD ]
[*] Checking process of malware analysis tool: HookExplorer.exe [ GOOD ]
[*] Checking process of malware analysis tool: ImportREC.exe [ GOOD ]
[*] Checking process of malware analysis tool: PETools.exe [ GOOD ]
[*] Checking process of malware analysis tool: LordPE.exe [ GOOD ]
[*] Checking process of malware analysis tool: SysInspector.exe [ GOOD ]
[*] Checking process of malware analysis tool: proc_analyzer.exe [ GOOD ]
[*] Checking process of malware analysis tool: sysAnalyzer.exe [ GOOD ]
[*] Checking process of malware analysis tool: sniff_hit.exe [ GOOD ]
[*] Checking process of malware analysis tool: windbg.exe [ GOOD ]
[*] Checking process of malware analysis tool: joeboxcontrol.exe [ GOOD ]
[*] Checking process of malware analysis tool: joeboxserver.exe [ GOOD ]
[*] Checking process of malware analysis tool: joeboxserver.exe [ GOOD ]
[*] Checking process of malware analysis tool: ResourceHacker.exe [ GOOD ]
[*] Checking process of malware analysis tool: x32dbg.exe [ GOOD ]
[*] Checking process of malware analysis tool: x64dbg.exe [ GOOD ]
[*] Checking process of malware analysis tool: Fiddler.exe [ GOOD ]
[*] Checking process of malware analysis tool: httpdebugger.exe [ GOOD ]
[*] Checking process of malware analysis tool: cheatengine-i386.exe [ GOOD ]
[*] Checking process of malware analysis tool: cheatengine-x86_64.exe [ GOOD ]
[*] Checking process of malware analysis tool: cheatengine-x86_64-SSE4-AVX2.exe [ GOOD ]
Begin AntiDisassmConstantCondition
Begin AntiDisassmAsmJmpSameTarget
Begin AntiDisassmImpossibleDiasassm
Begin AntiDisassmFunctionPointer
Begin AntiDisassmReturnPointerAbuse

-------------------------[Anti Dumping]-------------------------
[*] Erasing PE header from memory
[*] Increasing SizeOfImage in PE Header to: 0x100000


Analysis done, I hope you didn't get red flags :)