mirrors
/
pafish
mirror of https://github.com/a0rtega/pafish
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
103 Commits 2 Branches 17 Tags 2.2 MiB
C 100%
Go to file
Duarte Silva 392aa0f5c5 Fix the compilation under Linux with MinGW cross-compiler. 2015-05-14 13:52:51 +01:00
pafish Fix the compilation under Linux with MinGW cross-compiler. 2015-05-14 13:52:51 +01:00
screenshots Bump v052 2015-05-10 18:46:32 +02:00
.gitignore house-keeping 2015-01-01 17:17:06 +01:00
CHANGELOG Update changelog to v052 2015-05-10 18:50:49 +02:00
LICENSE.txt Added LICENSE.txt 2013-03-23 18:03:28 +01:00
README.md Update README.txt 2015-05-09 15:01:43 +02:00
pafish.exe Bump v052 2015-05-10 18:46:32 +02:00

README.md

Pafish

(Paranoid Fish)

Pafish is a demonstration tool that employs several techniques to detect sandboxes and analysis environments in the same way as malware families do.

The project is open source, you can read the code of all anti-analysis checks. You can also download the compiled executable (or compile it by yourself) and reverse engineer it, which is quite recommended.

It is licensed under GNU/GPL version 3.

Scope

Note that the aim of the project is not to implement complex VM detections.

The objective of this project is to collect usual tricks seen in malware samples. This allows us to study them, and test if our analysis environments are properly implemented.

Examples of execution (v0.5.1 all of them):

Cuckoo Sandbox
Anubis
ThreatExpert

Build

Pafish is written in C and can be built with MinGW (gcc + make).

Official MinGW (http://www.mingw.org/) and Cygwin (https://cygwin.com/) are proven to work well.

To compile you will likely need to use:

make -f Makefile.win
make -f Makefile.linux # if compiling on linux

Author

Alberto Ortega (@a0rtega - profile)

Contributions

Feel free to send me malware samples or more tricks to add. GPG ID: 6A06CF5A