pafish/README.md


# Pafish
## (Paranoid Fish)

Pafish is a demonstration tool that employs several techniques to detect sandboxes and analysis environments in the same way as malware families do.

The project is open source, you can read the code of all anti-analysis checks. You can also [download](https://github.com/a0rtega/pafish/raw/master/pafish.exe) the compiled executable (or compile it by yourself) and reverse engineer it, which is quite recommended.

It is licensed under GNU/GPL version 3.

# Scope

Note that the aim of the project is not to implement complex VM detections.

The objective of this project is to collect usual tricks seen in malware samples. This allows us to study them, and test if our analysis environments are properly implemented.

Examples of execution (v0.5.1 all of them):

[Cuckoo Sandbox](https://malwr.com/analysis/NGRkMjkxMzllOTFiNDJmOGJmNjM0YWU1MDcwNGZkM2Y/)  
[Anubis](https://anubis.iseclab.org/?action=result&task_id=11db4238cbf5db5a451d251820e73d4de&format=html)  
[ThreatExpert](http://www.threatexpert.com/report.aspx?md5=87b08b9db49b4322df2249b7059bc1f5)  

# Build

Pafish is written in C and can be built with MinGW (gcc + make).

Official MinGW ([http://www.mingw.org/](http://www.mingw.org/)) and Cygwin ([https://cygwin.com/](https://cygwin.com/)) are proven to work well.

To compile you will likely need to use:
```
make -f Makefile.win
make -f Makefile.linux # if compiling on linux
```

# Author

Alberto Ortega (@[a0rtega](https://twitter.com/#!/a0rtega) - [profile](http://aortega.badtrace.com))

# Contributions

Feel free to send me malware samples or more tricks to add. GPG ID: [6A06CF5A](https://keybase.io/alberto/key.asc)
house-keeping 2015-01-01 19:17:06 +03:00
Updated readme 2012-07-01 16:55:09 +04:00			`# Pafish`
			`## (Paranoid Fish)`
Initial commit 2012-07-01 15:06:41 +04:00
Update README.txt 2015-05-09 16:01:43 +03:00			`Pafish is a demonstration tool that employs several techniques to detect sandboxes and analysis environments in the same way as malware families do.`
Updated readme 2012-07-01 16:55:09 +04:00
Minor change in readme 2012-12-19 20:33:45 +04:00			`The project is open source, you can read the code of all anti-analysis checks. You can also [download](https://github.com/a0rtega/pafish/raw/master/pafish.exe) the compiled executable (or compile it by yourself) and reverse engineer it, which is quite recommended.`
Updated readme 2012-07-01 16:55:09 +04:00
Updated readme with pafish-dll information 2013-03-25 16:37:43 +04:00			`It is licensed under GNU/GPL version 3.`

Updated readme 2012-07-01 16:55:09 +04:00			`# Scope`

			`Note that the aim of the project is not to implement complex VM detections.`

house-keeping 2015-01-01 19:17:06 +03:00			`The objective of this project is to collect usual tricks seen in malware samples. This allows us to study them, and test if our analysis environments are properly implemented.`
Updated readme 2012-10-28 22:11:24 +04:00
Update README.txt 2015-05-09 16:01:43 +03:00			`Examples of execution (v0.5.1 all of them):`
Updated readme, added some more examples 2013-06-09 22:46:21 +04:00
Update README.txt 2015-05-09 16:01:43 +03:00			`[Cuckoo Sandbox](https://malwr.com/analysis/NGRkMjkxMzllOTFiNDJmOGJmNjM0YWU1MDcwNGZkM2Y/)`
			`[Anubis](https://anubis.iseclab.org/?action=result&task_id=11db4238cbf5db5a451d251820e73d4de&format=html)`
			`[ThreatExpert](http://www.threatexpert.com/report.aspx?md5=87b08b9db49b4322df2249b7059bc1f5)`
Updated readme 2012-07-01 16:55:09 +04:00
Added some develop information 2012-07-03 21:50:37 +04:00			`# Build`

Update README.txt 2015-05-09 16:01:43 +03:00			`Pafish is written in C and can be built with MinGW (gcc + make).`

			`Official MinGW ([http://www.mingw.org/](http://www.mingw.org/)) and Cygwin ([https://cygwin.com/](https://cygwin.com/)) are proven to work well.`

			`To compile you will likely need to use:`
			```
			`make -f Makefile.win`
			`make -f Makefile.linux # if compiling on linux`
			```
Added some develop information 2012-07-03 21:50:37 +04:00
Updated readme 2012-07-01 16:55:09 +04:00			`# Author`

Minor change in README 2014-01-01 17:02:27 +04:00			`Alberto Ortega (@[a0rtega](https://twitter.com/#!/a0rtega) - [profile](http://aortega.badtrace.com))`
Updated readme 2012-07-01 16:55:09 +04:00
Updated readme with pafish-dll information 2013-03-25 16:37:43 +04:00			`# Contributions`

house-keeping 2015-01-01 19:17:06 +03:00			`Feel free to send me malware samples or more tricks to add. GPG ID: [6A06CF5A](https://keybase.io/alberto/key.asc)`
Update readme, remove dead link, the production build wont be signed from now 2015-03-20 16:58:12 +03:00