mirrors
/
pafish
mirror of https://github.com/a0rtega/pafish
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
69 Commits 2 Branches 17 Tags 2.2 MiB
C 100%
Go to file
Alberto Ortega 591b998e9c More housekeeping, minor changes in Makefiles 2015-01-01 17:39:32 +01:00
pafish More housekeeping, minor changes in Makefiles 2015-01-01 17:39:32 +01:00
screenshots Added v02 screenshots 2012-10-28 19:06:09 +01:00
.gitignore house-keeping 2015-01-01 17:17:06 +01:00
CHANGELOG Bump v03 2014-01-01 14:00:09 +01:00
LICENSE.txt Added LICENSE.txt 2013-03-23 18:03:28 +01:00
README.md house-keeping 2015-01-01 17:17:06 +01:00
pafish.exe Bump v03 2014-01-01 14:00:09 +01:00

README.md

Pafish

(Paranoid Fish)

Pafish is a demo tool that performs some anti(debugger/VM/sandbox) tricks. Most of them are often used by malware to avoid debugging and dynamic analysis.

The project is open source, you can read the code of all anti-analysis checks. You can also download the compiled executable (or compile it by yourself) and reverse engineer it, which is quite recommended.

It is licensed under GNU/GPL version 3.

Scope

Note that the aim of the project is not to implement complex VM detections.

The objective of this project is to collect usual tricks seen in malware samples. This allows us to study them, and test if our analysis environments are properly implemented.

Examples of execution (v025 all of them):

ThreatExpert
Cuckoo Sandbox
Anubis
CWSandbox
Comodo

Certificate

All releases from v024 will be shipped signed by the original development team. Consider everything without our certificate unofficial, you can check it against the certificates present in the binaries from this repository.

Build

Pafish is written in C and built with pure MinGW (make + gcc).

Author

Alberto Ortega (@a0rtega - profile)

Contributions

Feel free to send me malware samples or more tricks to add. GPG ID: 6A06CF5A