Commit Graph

186 Commits

Author SHA1 Message Date
Alberto Ortega
d69f67157f Fix compiler warnings 2021-11-08 19:13:41 +01:00
Alberto Ortega
9d0835bf37 Remove hooks and cuckoo detections in 64 bit compilation 2021-11-08 14:18:36 +01:00
Alberto Ortega
8b9e52be04 Ignore .res 2021-11-08 14:01:26 +01:00
Alberto Ortega
6eeda58247 Add pafish_get_PEB to access PEB, adapt for 64-bit support, updated access to NumberOfProcessors via PEB 2021-11-08 14:00:13 +01:00
Alberto Ortega
d56dea6e23 Add Makefile for 64-bit building 2021-11-07 21:05:20 +01:00
Alberto Ortega
898ddebd6d Compiler macros indentation fixes 2021-11-07 21:04:34 +01:00
Alberto Ortega
7155a2451e Adapt main.c and checks execution for 64-bit compilation 2021-11-07 20:43:10 +01:00
Alberto Ortega
ad1de9896a Minor cosmetic changes in console output 2021-11-07 19:52:10 +01:00
Alberto Ortega
91cced1842 Fix tab in main.c 2021-11-07 19:32:26 +01:00
Alberto Ortega
d78a2e8fb7 Cosmetic changes in RTT windows 2021-11-07 19:13:29 +01:00
Alberto Ortega
a3289c135b Restore window after analysis finished 2021-11-07 18:19:27 +01:00
Alberto Ortega
febe5028d0 rtt.c rename global variables and move them up, indentation fixes 2021-11-07 18:13:55 +01:00
Alberto Ortega
04191954f6 Makefile files indentation 2021-11-07 17:53:10 +01:00
Alberto Ortega
01b5da03d5
Merge pull request #72 from jgru/add-reverse-turing-tests
Add reverse Turing tests
2021-11-07 17:45:42 +01:00
Alberto Ortega
14b63b65db Remove .exe files from git 2021-11-07 13:37:24 +01:00
Jan Gru
f68d74fea2 Minimize console window on start up 2021-11-07 06:53:57 +01:00
Jan Gru
ebb47f35ef Add reverse Turing tests
Add reverse Turing tests, which mimic checks found in real-world
samples like the UpClicker trojan, leaked source code of Ursnif/Gozi,
a "DarkRiver" dropper, the MyWeb-backdoor and XLM 4.0-macros used as
droppers.
2021-11-07 06:53:25 +01:00
Alberto Ortega
62dad68149 Update README.md 2021-10-04 18:13:50 +02:00
Alberto Ortega
57e6b8d4ff Create FUNDING.yml 2021-10-02 12:05:18 +02:00
Alberto Ortega
516161e3f9 Update README.md 2021-09-30 20:33:33 +02:00
Alberto Ortega
6c1fabdf8a
Merge pull request #62 from virajchitnis/master
Added vagrant box
2019-02-19 10:17:35 +01:00
Viraj Chitnis
44cb9357a2 Automatically build pafish during Vagrant initialization 2019-02-16 14:23:31 +00:00
Viraj Chitnis
e5b57d942c Added Vagrantfile 2019-02-16 14:15:38 +00:00
Alberto Ortega
184b3fc3d5 Bump v058 2016-08-27 13:42:56 +02:00
Alberto Ortega
a361ea64e4 Merge branch 'shawndwells-typos' into dev-chaos 2016-07-20 21:25:22 +02:00
Shawn Wells
20b878ee66 Fix typo in pafish/cuckoo.c (informnation -> information)
This typo was bothering the hell out of me.
2016-07-18 22:54:29 -04:00
Alberto Ortega
34b0c56f8c Add -Wpedantic to Makefiles 2016-06-11 18:42:42 +02:00
Alberto Ortega
8f84f98034 re #49 fixes LocalFree after advanced list 2016-06-11 18:41:27 +02:00
Alberto Ortega
d13b9cb1d0 Update README with screenshot 2016-03-16 19:43:41 +01:00
Alberto Ortega
df774da10f Add v057 screenshot 2016-03-16 19:38:13 +01:00
Alberto Ortega
9d84b0d7f0 Bump v057 2016-03-16 19:36:23 +01:00
Alberto Ortega
3dbd5e3923 Minor change in KVM hv vendor string 2016-03-02 23:07:36 +01:00
Alberto Ortega
d4ca81c7a5 fix #47 add hypervisor vendor checking 2016-03-02 20:59:19 +01:00
Alberto Ortega
6264d96ca2 Function to read HV vendor information, added to logging 2016-03-02 20:27:03 +01:00
Alberto Ortega
a6a0478915 Bump v056 2015-12-28 16:26:18 +01:00
Alberto Ortega
21efd60b45 Disabled check_hook_DeleteFileW_m1 because it causes FP in Win 8 2015-12-28 16:21:38 +01:00
Alberto Ortega
1c7d5c3f2b Update README 2015-12-28 13:58:46 +01:00
Alberto Ortega
9ab9e0fb3b re #46 add IsNativeVhdBoot detection 2015-12-27 12:25:53 +01:00
Alberto Ortega
896f26f3be Fixes warning in latest mingw 2015-12-27 12:17:18 +01:00
Alberto Ortega
7420c27542 re #43 Include a DNS request for each detection, useful in restrictive sandboxes 2015-12-23 19:42:13 +01:00
Alberto Ortega
eac42caae3 re #45 Add uptime test 2015-12-22 21:12:54 +01:00
Alberto Ortega
6b27791837 Bump v055 2015-10-08 19:32:01 +02:00
Alberto Ortega
feeba7ba8e Minor includes changes 2015-10-08 19:22:39 +02:00
Alberto Ortega
72296dacd6 Disable a not so reliable bochs check 2015-10-08 19:14:27 +02:00
Alberto Ortega
044760116a Refactor of hooks detection function, add 2 more functions to check 2015-09-04 18:24:53 +02:00
Alberto Ortega
54f33a2929 Minor refactor in GetAdaptersAddresses functions 2015-08-30 18:44:49 +02:00
Alberto Ortega
017d5dfbbd Add VMware detection based on network adapter name 2015-08-30 18:35:22 +02:00
Alberto Ortega
618037ba25 indent -linux main.c 2015-08-30 01:34:07 +02:00
Alberto Ortega
cc31829b45 Minor includes change 2015-08-29 14:06:17 +02:00
Alberto Ortega
b0b72c4e5e Refactor main.c, link new Qemu and Bochs detections in main 2015-08-29 13:55:42 +02:00