Alberto Ortega
01b5da03d5
Merge pull request #72 from jgru/add-reverse-turing-tests
Add reverse Turing tests
2021-11-07 17:45:42 +01:00
Alberto Ortega
14b63b65db
Remove .exe files from git
2021-11-07 13:37:24 +01:00
Jan Gru
f68d74fea2
Minimize console window on start up
2021-11-07 06:53:57 +01:00
Jan Gru
ebb47f35ef
Add reverse Turing tests
Add reverse Turing tests, which mimic checks found in real-world
samples like the UpClicker trojan, leaked source code of Ursnif/Gozi,
a "DarkRiver" dropper, the MyWeb backdoor and XLM 4.0 macros used as
droppers.
2021-11-07 06:53:25 +01:00
Alberto Ortega
62dad68149
Update README.md
2021-10-04 18:13:50 +02:00
Alberto Ortega
57e6b8d4ff
Create FUNDING.yml
2021-10-02 12:05:18 +02:00
Alberto Ortega
516161e3f9
Update README.md
2021-09-30 20:33:33 +02:00
Alberto Ortega
6c1fabdf8a
Merge pull request #62 from virajchitnis/master
Added vagrant box
2019-02-19 10:17:35 +01:00
Viraj Chitnis
44cb9357a2
Automatically build pafish during Vagrant initialization
2019-02-16 14:23:31 +00:00
Viraj Chitnis
e5b57d942c
Added Vagrantfile
2019-02-16 14:15:38 +00:00
Alberto Ortega
184b3fc3d5
Bump v058
2016-08-27 13:42:56 +02:00
Alberto Ortega
a361ea64e4
Merge branch 'shawndwells-typos' into dev-chaos
2016-07-20 21:25:22 +02:00
Shawn Wells
20b878ee66
Fix typo in pafish/cuckoo.c (informnation -> information)
This typo was bothering the hell out of me.
2016-07-18 22:54:29 -04:00
Alberto Ortega
34b0c56f8c
Add -Wpedantic to Makefiles
2016-06-11 18:42:42 +02:00
Alberto Ortega
8f84f98034
re #49 fixes LocalFree after advanced list
2016-06-11 18:41:27 +02:00
Alberto Ortega
d13b9cb1d0
Update README with screenshot
2016-03-16 19:43:41 +01:00
Alberto Ortega
df774da10f
Add v057 screenshot
2016-03-16 19:38:13 +01:00
Alberto Ortega
9d84b0d7f0
Bump v057
2016-03-16 19:36:23 +01:00
Alberto Ortega
3dbd5e3923
Minor change in KVM hv vendor string
2016-03-02 23:07:36 +01:00
Alberto Ortega
d4ca81c7a5
fix #47 add hypervisor vendor checking
2016-03-02 20:59:19 +01:00
Alberto Ortega
6264d96ca2
Function to read HV vendor information, added to logging
2016-03-02 20:27:03 +01:00
Alberto Ortega
a6a0478915
Bump v056
2015-12-28 16:26:18 +01:00
Alberto Ortega
21efd60b45
Disabled check_hook_DeleteFileW_m1 because it causes FP in Win 8
2015-12-28 16:21:38 +01:00
Alberto Ortega
1c7d5c3f2b
Update README
2015-12-28 13:58:46 +01:00
Alberto Ortega
9ab9e0fb3b
re #46 add IsNativeVhdBoot detection
2015-12-27 12:25:53 +01:00
Alberto Ortega
896f26f3be
Fixes warning in latest mingw
2015-12-27 12:17:18 +01:00
Alberto Ortega
7420c27542
re #43 Include a DNS request for each detection, useful in restrictive sandboxes
2015-12-23 19:42:13 +01:00
Alberto Ortega
eac42caae3
re #45 Add uptime test
2015-12-22 21:12:54 +01:00
Alberto Ortega
6b27791837
Bump v055
2015-10-08 19:32:01 +02:00
Alberto Ortega
feeba7ba8e
Minor includes changes
2015-10-08 19:22:39 +02:00
Alberto Ortega
72296dacd6
Disable a not so reliable bochs check
2015-10-08 19:14:27 +02:00
Alberto Ortega
044760116a
Refactor of hooks detection function, add 2 more functions to check
2015-09-04 18:24:53 +02:00
Alberto Ortega
54f33a2929
Minor refactor in GetAdaptersAddresses functions
2015-08-30 18:44:49 +02:00
Alberto Ortega
017d5dfbbd
Add VMware detection based on network adapter name
2015-08-30 18:35:22 +02:00
Alberto Ortega
618037ba25
indent -linux main.c
2015-08-30 01:34:07 +02:00
Alberto Ortega
cc31829b45
Minor includes change
2015-08-29 14:06:17 +02:00
Alberto Ortega
b0b72c4e5e
Refactor main.c, link new Qemu and Bochs detections in main
2015-08-29 13:55:42 +02:00
Alberto Ortega
ea6617f45b
Add Bochs detections based on CPU information
2015-08-29 00:49:41 +02:00
Alberto Ortega
c65cfb5adc
Add new qemu detection based on CPU brand string
2015-08-29 00:29:41 +02:00
Alberto Ortega
94dca540db
Add cpu functions to query Processor Brand String
2015-08-28 23:12:07 +02:00
Alberto Ortega
89cf87ead9
re #40 add neutrino bochs detection via regkey
2015-08-26 19:09:52 +02:00
Alberto Ortega
49a6f3a447
Fix minor issue with wbemidl.h import
2015-08-26 19:07:25 +02:00
Alberto Ortega
4e434ba6f3
Bump v054
2015-07-12 17:26:26 +02:00
Alberto Ortega
3e322f2b97
Change hi_(vmware|virtualbox)_wmi for generic trace files
2015-07-12 17:15:13 +02:00
Alberto Ortega
4fe2cc3c91
5.4 candidate build
2015-07-11 12:54:08 +02:00
Alberto Ortega
3a564d60e7
Minor style change (cppcheck)
2015-07-11 12:51:29 +02:00
Alberto Ortega
bc9971f06e
Merge branch 'serializingme-dev-hackingteam-v1' into dev-chaos
2015-07-11 11:50:17 +02:00
Duarte Silva
0d7d8fb43e
Added HackingTeam anti-Cuckoo function as a check
2015-07-10 20:21:55 +01:00
Duarte Silva
229e1eb751
Added HackingTeam anti-VM WMI checks
- VirtualBox check of the device identifiers
- VMware check of the serial number
2015-07-10 15:21:06 +01:00
Alberto Ortega
28d2889d0d
Merge branch 'serializingme-dev-fixcompilewarn-v1' into dev-chaos
2015-07-08 12:37:09 +02:00