Thread starter: Jerry.Lin

[AV Review] Anti-VM/Sandbox Detection Techniques: An Evaluation of Several Online Sandboxes

JerrySir
Posted 2020-5-21 11:32:33
Boss, this is great. I've also been looking at sandbox options recently, and this data is really valuable. Thumbs up.
aldk2
Posted 2020-5-22 03:15:56
Very nice.
K560987
Posted 2020-5-22 12:59:18
likeBBQ posted on 2020-5-15 16:26
Does this mean that watching movies in a virtual machine or sandbox can get you infected too?

No. It means that malware can use certain techniques to detect that it is running inside a virtual machine and then not execute its malicious script, which makes the virtual machine's detection results inaccurate. What you describe would be a VM escape, and so far no malware has been able to escape a proper virtual machine.
K560987
Posted 2020-5-22 13:01:00

any.run's verdicts are machine-generated detections that use the industry-standard ATT&CK framework, which causes some legitimate software to be falsely flagged as malicious.
BE_HC
Posted 2020-5-23 17:16:09
I originally wanted to test the sandbox's anti-VM detection, but after compiling it...

[Screenshot: QQ截图20200523171128.png]

Ran pafish on it as a token test; it seems the only thing it caught is that the disk space allotted is too small.

  [pafish] Start
  [pafish] Windows version: 6.1 build 7601
  [pafish] CPU: GenuineIntel (HV: GenuineIntel)        Intel(R) Xeon(R) CPU E5-2670 0 @ 2.60GHz
  [pafish] Sandbox traced by checking disk size <= 60GB via DeviceIoControl()
  [pafish] Sandbox traced by checking disk size <= 60GB via GetDiskFreeSpaceExA()
  [pafish] End


Jerry.Lin (thread starter)
Posted 2020-5-23 23:11:11
BE_HC posted on 2020-5-23 03:16
I originally wanted to test the sandbox's anti-VM detection, but after compiling it...

Try mine:
https://send.firefox.com/downloa ... cLk9bITPcvNd0Ks8y3A
多学习少说话
Posted 2020-5-24 04:45:37
likeBBQ posted on 2020-5-15 16:26
Does this mean that watching movies in a virtual machine or sandbox can get you infected too?

You can get infected, but that is not what this test shows.
多学习少说话
Posted 2020-5-24 04:47:19
A quiet question for the thread starter: since the major vendors' sandboxes all have such a high rate of being passed undetected, how do they actually perform behavioral analysis?
BE_HC
Posted 2020-5-24 11:48:14
Jerry.Lin posted on 2020-5-23 23:11
Try mine:
https://send.firefox.com/download/46f8ace2ee2385bf/#vI4cLk9bITPcvNd0Ks8y3A

Way too many detections; it goes straight to High Risk. Fair enough.
[Screenshot: QQ截图20200524114654.png]

Same here, it dies on WMI.
  [Sat May 23 20:38:02 2020] [*] TLS process attach callback  -> 0
  [Sat May 23 20:38:02 2020] [*] TLS thread attach callback  -> 0
  [Sat May 23 20:38:02 2020] [*] Checking IsDebuggerPresent API  -> 0
  [Sat May 23 20:38:02 2020] [*] Checking PEB.BeingDebugged  -> 0
  [Sat May 23 20:38:02 2020] [*] Checking CheckRemoteDebuggerPresent API  -> 0
  [Sat May 23 20:38:02 2020] [*] Checking PEB.NtGlobalFlag  -> 0
  [Sat May 23 20:38:02 2020] [*] Checking ProcessHeap.Flags  -> 0
  [Sat May 23 20:38:02 2020] [*] Checking ProcessHeap.ForceFlags  -> 0
  [Sat May 23 20:38:02 2020] [*] Checking NtQueryInformationProcess with ProcessDebugPort  -> 0
  [Sat May 23 20:38:02 2020] [*] Checking NtQueryInformationProcess with ProcessDebugFlags  -> 0
  [Sat May 23 20:38:02 2020] [*] Checking NtQueryInformationProcess with ProcessDebugObject  -> 0
  [Sat May 23 20:38:02 2020] [*] Checking WudfIsAnyDebuggerPresent API  -> 0
  [Sat May 23 20:38:02 2020] [*] Checking WudfIsKernelDebuggerPresent API  -> 0
  [Sat May 23 20:38:02 2020] [*] Checking WudfIsUserDebuggerPresent API  -> 0
  [Sat May 23 20:38:02 2020] [*] Checking NtSetInformationThread with ThreadHideFromDebugger  -> 0
  [Sat May 23 20:38:02 2020] [*] Checking CloseHandle with an invalide handle  -> 0
  [Sat May 23 20:38:02 2020] [*] Checking UnhandledExcepFilterTest  -> 0
  [Sat May 23 20:38:02 2020] [*] Checking OutputDebugString  -> 0
  [Sat May 23 20:38:02 2020] [*] Checking Hardware Breakpoints  -> 0
  [Sat May 23 20:38:02 2020] [*] Checking Software Breakpoints  -> 0
  [Sat May 23 20:38:02 2020] [*] Checking Interupt 0x2d  -> 0
  [Sat May 23 20:38:02 2020] [*] Checking Interupt 1  -> 0
  [Sat May 23 20:38:02 2020] [*] Checking Memory Breakpoints PAGE GUARD  -> 0
  [Sat May 23 20:38:02 2020] [*] Checking If Parent Process is explorer.exe  -> 0
  [Sat May 23 20:38:03 2020] [*] Checking SeDebugPrivilege  -> 0
  [Sat May 23 20:38:03 2020] [*] Checking CloseHandle protected handle trick   -> 0
  [Sat May 23 20:38:03 2020] [*] Checking NtQuerySystemInformation with SystemKernelDebuggerInformation   -> 0
  [Sat May 23 20:38:03 2020] [*] Checking SharedUserData->KdDebuggerEnabled   -> 0
  [Sat May 23 20:38:03 2020] [*] Checking if process is in a job   -> 0
  [Sat May 23 20:38:03 2020] [*] Checking VirtualAlloc write watch (buffer only)  -> 0
  [Sat May 23 20:38:03 2020] [*] Checking VirtualAlloc write watch (API calls)  -> 0
  [Sat May 23 20:38:03 2020] [*] Checking VirtualAlloc write watch (IsDebuggerPresent)  -> 0
  [Sat May 23 20:38:03 2020] [*] Checking VirtualAlloc write watch (code write)  -> 0
  [Sat May 23 20:38:03 2020] [*] Checking for page exception breakpoints  -> 0
  [Sat May 23 20:38:03 2020] [*] Checking for API hooks outside module bounds  -> 0
  [Sat May 23 20:38:03 2020] [*] Enumerating modules with EnumProcessModulesEx [32-bit]  -> 0
  [Sat May 23 20:38:03 2020] [*] Enumerating modules with EnumProcessModulesEx [64-bit]  -> 0
  [Sat May 23 20:38:03 2020] [*] Enumerating modules with EnumProcessModulesEx [ALL]  -> 0
  [Sat May 23 20:38:03 2020] [*] Enumerating modules with ToolHelp32  -> 0
  [Sat May 23 20:38:03 2020] [*] Enumerating the process LDR via LdrEnumerateLoadedModules  -> 0
  [Sat May 23 20:38:03 2020] [*] Enumerating the process LDR directly  -> 0
  [Sat May 23 20:38:31 2020] [*] Walking process memory with GetModuleInformation  -> 0
  [Sat May 23 20:38:31 2020] [*] Checking reg key HARDWARE\Description\System - Identifier is set to VBOX -> 0
  [Sat May 23 20:38:31 2020] [*] Checking reg key HARDWARE\Description\System - SystemBiosVersion is set to VBOX -> 0
  [Sat May 23 20:38:32 2020] [*] Checking reg key HARDWARE\Description\System - VideoBiosVersion is set to VIRTUALBOX -> 0
  [Sat May 23 20:38:32 2020] [*] Checking reg key HARDWARE\Description\System - SystemBiosDate is set to 06/23/99 -> 0
  [Sat May 23 20:38:32 2020] [*] Checking VirtualBox Guest Additions directory  -> 0
  [Sat May 23 20:38:32 2020] [*] Checking file C:\Windows\System32\drivers\VBoxMouse.sys  -> 0
  [Sat May 23 20:38:32 2020] [*] Checking file C:\Windows\System32\drivers\VBoxGuest.sys  -> 0
  [Sat May 23 20:38:32 2020] [*] Checking file C:\Windows\System32\drivers\VBoxSF.sys  -> 0
  [Sat May 23 20:38:32 2020] [*] Checking file C:\Windows\System32\drivers\VBoxVideo.sys  -> 0
  [Sat May 23 20:38:32 2020] [*] Checking file C:\Windows\System32\vboxdisp.dll  -> 0
  [Sat May 23 20:38:32 2020] [*] Checking file C:\Windows\System32\vboxhook.dll  -> 0
  [Sat May 23 20:38:32 2020] [*] Checking file C:\Windows\System32\vboxmrxnp.dll  -> 0
  [Sat May 23 20:38:32 2020] [*] Checking file C:\Windows\System32\vboxogl.dll  -> 0
  [Sat May 23 20:38:32 2020] [*] Checking file C:\Windows\System32\vboxoglarrayspu.dll  -> 0
  [Sat May 23 20:38:32 2020] [*] Checking file C:\Windows\System32\vboxoglcrutil.dll  -> 0
  [Sat May 23 20:38:32 2020] [*] Checking file C:\Windows\System32\vboxoglerrorspu.dll  -> 0
  [Sat May 23 20:38:32 2020] [*] Checking file C:\Windows\System32\vboxoglfeedbackspu.dll  -> 0
  [Sat May 23 20:38:32 2020] [*] Checking file C:\Windows\System32\vboxoglpackspu.dll  -> 0
  [Sat May 23 20:38:32 2020] [*] Checking file C:\Windows\System32\vboxoglpassthroughspu.dll  -> 0
  [Sat May 23 20:38:32 2020] [*] Checking file C:\Windows\System32\vboxservice.exe  -> 0
  [Sat May 23 20:38:32 2020] [*] Checking file C:\Windows\System32\vboxtray.exe  -> 0
  [Sat May 23 20:38:32 2020] [*] Checking file C:\Windows\System32\VBoxControl.exe  -> 0
  [Sat May 23 20:38:32 2020] [*] Checking reg key HARDWARE\ACPI\DSDT\VBOX__  -> 0
  [Sat May 23 20:38:32 2020] [*] Checking reg key HARDWARE\ACPI\FADT\VBOX__  -> 0
  [Sat May 23 20:38:33 2020] [*] Checking reg key HARDWARE\ACPI\RSDT\VBOX__  -> 0
  [Sat May 23 20:38:33 2020] [*] Checking reg key SOFTWARE\Oracle\VirtualBox Guest Additions  -> 0
  [Sat May 23 20:38:33 2020] [*] Checking reg key SYSTEM\ControlSet001\Services\VBoxGuest  -> 0
  [Sat May 23 20:38:33 2020] [*] Checking reg key SYSTEM\ControlSet001\Services\VBoxMouse  -> 0
  [Sat May 23 20:38:33 2020] [*] Checking reg key SYSTEM\ControlSet001\Services\VBoxService  -> 0
  [Sat May 23 20:38:33 2020] [*] Checking reg key SYSTEM\ControlSet001\Services\VBoxSF  -> 0
  [Sat May 23 20:38:33 2020] [*] Checking reg key SYSTEM\ControlSet001\Services\VBoxVideo  -> 0
  [Sat May 23 20:38:33 2020] [*] Checking Mac Address start with 08:00:27  -> 0
  [Sat May 23 20:38:33 2020] [*] Checking MAC address (Hybrid Analysis)  -> 0
  [Sat May 23 20:38:33 2020] [*] Checking device \\.\VBoxMiniRdrDN  -> 0
  [Sat May 23 20:38:33 2020] [*] Checking device \\.\VBoxGuest  -> 0
  [Sat May 23 20:38:33 2020] [*] Checking device \\.\pipe\VBoxMiniRdDN  -> 0
  [Sat May 23 20:38:33 2020] [*] Checking device \\.\VBoxTrayIPC  -> 0
  [Sat May 23 20:38:33 2020] [*] Checking device \\.\pipe\VBoxTrayIPC  -> 0
  [Sat May 23 20:38:33 2020] [*] Checking VBoxTrayToolWndClass / VBoxTrayToolWnd  -> 0
  [Sat May 23 20:38:33 2020] [*] Checking VirtualBox Shared Folders network provider  -> 0
  [Sat May 23 20:38:34 2020] [*] Checking VirtualBox process vboxservice.exe  -> 0
  [Sat May 23 20:38:34 2020] [*] Checking VirtualBox process vboxtray.exe  -> 0
  [Sat May 23 20:38:35 2020] [*] Checking Win32_PnPDevice DeviceId from WMI for VBox PCI device  -> 0
  [Sat May 23 20:38:36 2020] [*] Checking Win32_PnPDevice Name from WMI for VBox controller hardware  -> 1
  [Sat May 23 20:38:38 2020] [*] Checking Win32_PnPDevice Name from WMI for VBOX names  -> 0
  [Sat May 23 20:38:39 2020] [*] Checking Win32_Bus from WMI  -> 0
  [Sat May 23 20:38:39 2020] [*] Checking Win32_BaseBoard from WMI  -> 1
  [Sat May 23 20:38:39 2020] [*] Checking MAC address from WMI  -> 0
  [Sat May 23 20:38:40 2020] [*] Checking NTEventLog from WMI  -> 1
  [Sat May 23 20:38:40 2020] [*] Checking SMBIOS firmware   -> 0
  [Sat May 23 20:38:40 2020] [*] Checking ACPI tables   -> 0
  [Sat May 23 20:38:40 2020] [*] Checking reg key HARDWARE\DEVICEMAP\Scsi\Scsi Port 0\Scsi Bus 0\Target Id 0\Logical Unit Id 0 -> 0
  [Sat May 23 20:38:40 2020] [*] Checking reg key HARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0 -> 0
  [Sat May 23 20:38:40 2020] [*] Checking reg key HARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0 -> 0
  [Sat May 23 20:38:40 2020] [*] Checking reg key SYSTEM\ControlSet001\Control\SystemInformation -> 0
  [Sat May 23 20:38:40 2020] [*] Checking reg key SYSTEM\ControlSet001\Control\SystemInformation -> 0
  [Sat May 23 20:38:40 2020] [*] Checking reg key SOFTWARE\VMware, Inc.\VMware Tools  -> 0
  [Sat May 23 20:38:40 2020] [*] Checking file C:\Windows\System32\drivers\vmnet.sys  -> 0
  [Sat May 23 20:38:40 2020] [*] Checking file C:\Windows\System32\drivers\vmmouse.sys  -> 0
  [Sat May 23 20:38:40 2020] [*] Checking file C:\Windows\System32\drivers\vmusb.sys  -> 0
  [Sat May 23 20:38:40 2020] [*] Checking file C:\Windows\System32\drivers\vm3dmp.sys  -> 0
  [Sat May 23 20:38:40 2020] [*] Checking file C:\Windows\System32\drivers\vmci.sys  -> 0
  [Sat May 23 20:38:40 2020] [*] Checking file C:\Windows\System32\drivers\vmhgfs.sys  -> 0
  [Sat May 23 20:38:40 2020] [*] Checking file C:\Windows\System32\drivers\vmmemctl.sys  -> 0
  [Sat May 23 20:38:40 2020] [*] Checking file C:\Windows\System32\drivers\vmx86.sys  -> 0
  [Sat May 23 20:38:40 2020] [*] Checking file C:\Windows\System32\drivers\vmrawdsk.sys  -> 0
  [Sat May 23 20:38:40 2020] [*] Checking file C:\Windows\System32\drivers\vmusbmouse.sys  -> 0
  [Sat May 23 20:38:40 2020] [*] Checking file C:\Windows\System32\drivers\vmkdb.sys  -> 0
  [Sat May 23 20:38:40 2020] [*] Checking file C:\Windows\System32\drivers\vmnetuserif.sys  -> 0
  [Sat May 23 20:38:41 2020] [*] Checking file C:\Windows\System32\drivers\vmnetadapter.sys  -> 0
  [Sat May 23 20:38:41 2020] [*] Checking MAC starting with 00:05:69 -> 0
  [Sat May 23 20:38:41 2020] [*] Checking MAC starting with 00:0c:29 -> 0
  [Sat May 23 20:38:41 2020] [*] Checking MAC starting with 00:1C:14 -> 0
  [Sat May 23 20:38:41 2020] [*] Checking MAC starting with 00:50:56 -> 0
  [Sat May 23 20:38:41 2020] [*] Checking VMWare network adapter name  -> 0
  [Sat May 23 20:38:41 2020] [*] Checking device \\.\HGFS  -> 0
  [Sat May 23 20:38:41 2020] [*] Checking device \\.\vmci  -> 0
  [Sat May 23 20:38:41 2020] [*] Checking VMWare directory  -> 0
  [Sat May 23 20:38:41 2020] [*] Checking SMBIOS firmware   -> 0
  [Sat May 23 20:38:41 2020] [*] Checking ACPI tables   -> 0
  [Sat May 23 20:38:41 2020] [*] Checking Virtual PC processes VMSrvc.exe  -> 0
  [Sat May 23 20:38:42 2020] [*] Checking Virtual PC processes VMUSrvc.exe  -> 0
  [Sat May 23 20:38:42 2020] [*] Checking reg key SOFTWARE\Microsoft\Virtual Machine\Guest\Parameters  -> 0
  [Sat May 23 20:38:42 2020] [*] Checking reg key HARDWARE\DEVICEMAP\Scsi\Scsi Port 0\Scsi Bus 0\Target Id 0\Logical Unit Id 0  -> 0
  [Sat May 23 20:38:42 2020] [*] Checking reg key HARDWARE\Description\System  -> 0
  [Sat May 23 20:38:42 2020] [*] Checking qemu processes qemu-ga.exe  -> 0
  [Sat May 23 20:38:42 2020] [*] Checking SMBIOS firmware   -> 0
  [Sat May 23 20:38:42 2020] [*] Checking ACPI tables   -> 0
  [Sat May 23 20:38:42 2020] [*] Checking Citrix Xen process xenservice.exe -> 0
  [Sat May 23 20:38:42 2020] [*] Checking Mac Address start with 08:16:3E  -> 0
  [Sat May 23 20:38:42 2020] [*] Checking Wine via dll exports  -> 0
  [Sat May 23 20:38:42 2020] [*] Checking reg key SOFTWARE\Wine  -> 0
  [Sat May 23 20:38:42 2020] [*] Checking Parallels processes: prl_cc.exe -> 0
  [Sat May 23 20:38:42 2020] [*] Checking Parallels processes: prl_tools.exe -> 0
  [Sat May 23 20:38:43 2020] [*] Checking Mac Address start with 08:1C:42  -> 0
  [Sat May 23 20:38:43 2020] [*] Checking process of malware analysis tool: ollydbg.exe  -> 0
  [Sat May 23 20:38:43 2020] [*] Checking process of malware analysis tool: ProcessHacker.exe  -> 0
  [Sat May 23 20:38:43 2020] [*] Checking process of malware analysis tool: tcpview.exe  -> 0
  [Sat May 23 20:38:43 2020] [*] Checking process of malware analysis tool: autoruns.exe  -> 0
  [Sat May 23 20:38:43 2020] [*] Checking process of malware analysis tool: autorunsc.exe  -> 0
  [Sat May 23 20:38:43 2020] [*] Checking process of malware analysis tool: filemon.exe  -> 0
  [Sat May 23 20:38:43 2020] [*] Checking process of malware analysis tool: procmon.exe  -> 0
  [Sat May 23 20:38:43 2020] [*] Checking process of malware analysis tool: regmon.exe  -> 0
  [Sat May 23 20:38:43 2020] [*] Checking process of malware analysis tool: procexp.exe  -> 0
  [Sat May 23 20:38:43 2020] [*] Checking process of malware analysis tool: idaq.exe  -> 0
  [Sat May 23 20:38:43 2020] [*] Checking process of malware analysis tool: idaq64.exe  -> 0
  [Sat May 23 20:38:43 2020] [*] Checking process of malware analysis tool: ImmunityDebugger.exe  -> 0
  [Sat May 23 20:38:43 2020] [*] Checking process of malware analysis tool: Wireshark.exe  -> 0
  [Sat May 23 20:38:43 2020] [*] Checking process of malware analysis tool: dumpcap.exe  -> 0
  [Sat May 23 20:38:43 2020] [*] Checking process of malware analysis tool: HookExplorer.exe  -> 0
  [Sat May 23 20:38:43 2020] [*] Checking process of malware analysis tool: ImportREC.exe  -> 0
  [Sat May 23 20:38:43 2020] [*] Checking process of malware analysis tool: PETools.exe  -> 0
  [Sat May 23 20:38:43 2020] [*] Checking process of malware analysis tool: LordPE.exe  -> 0
  [Sat May 23 20:38:43 2020] [*] Checking process of malware analysis tool: SysInspector.exe  -> 0
  [Sat May 23 20:38:43 2020] [*] Checking process of malware analysis tool: proc_analyzer.exe  -> 0
  [Sat May 23 20:38:44 2020] [*] Checking process of malware analysis tool: sysAnalyzer.exe  -> 0
  [Sat May 23 20:38:44 2020] [*] Checking process of malware analysis tool: sniff_hit.exe  -> 0
  [Sat May 23 20:38:44 2020] [*] Checking process of malware analysis tool: windbg.exe  -> 0
  [Sat May 23 20:38:44 2020] [*] Checking process of malware analysis tool: joeboxcontrol.exe  -> 0
  [Sat May 23 20:38:44 2020] [*] Checking process of malware analysis tool: joeboxserver.exe  -> 0
  [Sat May 23 20:38:44 2020] [*] Checking process of malware analysis tool: joeboxserver.exe  -> 0
  [Sat May 23 20:38:44 2020] [*] Checking process of malware analysis tool: ResourceHacker.exe  -> 0
  [Sat May 23 20:38:44 2020] [*] Checking process of malware analysis tool: x32dbg.exe  -> 0
  [Sat May 23 20:38:44 2020] [*] Checking process of malware analysis tool: x64dbg.exe  -> 0
  [Sat May 23 20:38:44 2020] [*] Checking process of malware analysis tool: Fiddler.exe  -> 0
  [Sat May 23 20:38:44 2020] [*] Checking process of malware analysis tool: httpdebugger.exe  -> 0
  [Sat May 23 20:38:44 2020] [*] Checking if process loaded modules contains: avghookx.dll  -> 0
  [Sat May 23 20:38:44 2020] [*] Checking if process loaded modules contains: avghooka.dll  -> 0
  [Sat May 23 20:38:44 2020] [*] Checking if process loaded modules contains: snxhk.dll  -> 0
  [Sat May 23 20:38:44 2020] [*] Checking if process loaded modules contains: sbiedll.dll  -> 0
  [Sat May 23 20:38:44 2020] [*] Checking if process loaded modules contains: dbghelp.dll  -> 0
  [Sat May 23 20:38:44 2020] [*] Checking if process loaded modules contains: api_log.dll  -> 0
  [Sat May 23 20:38:44 2020] [*] Checking if process loaded modules contains: dir_watch.dll  -> 0
  [Sat May 23 20:38:44 2020] [*] Checking if process loaded modules contains: pstorec.dll  -> 0
  [Sat May 23 20:38:44 2020] [*] Checking if process loaded modules contains: vmcheck.dll  -> 0
  [Sat May 23 20:38:44 2020] [*] Checking if process loaded modules contains: wpespy.dll  -> 0
  [Sat May 23 20:38:45 2020] [*] Checking if process loaded modules contains: cmdvrt64.dll  -> 0
  [Sat May 23 20:38:45 2020] [*] Checking if process loaded modules contains: cmdvrt32.dll  -> 0
  [Sat May 23 20:38:45 2020] [*] Checking if process file name contains: sample.exe  -> 0
  [Sat May 23 20:38:45 2020] [*] Checking if process file name contains: bot.exe  -> 0
  [Sat May 23 20:38:45 2020] [*] Checking if process file name contains: sandbox.exe  -> 0
  [Sat May 23 20:38:45 2020] [*] Checking if process file name contains: malware.exe  -> 0
  [Sat May 23 20:38:45 2020] [*] Checking if process file name contains: test.exe  -> 0
  [Sat May 23 20:38:45 2020] [*] Checking if process file name contains: klavme.exe  -> 0
  [Sat May 23 20:38:45 2020] [*] Checking if process file name contains: myapp.exe  -> 0
  [Sat May 23 20:38:45 2020] [*] Checking if process file name contains: testapp.exe  -> 0
  [Sat May 23 20:38:45 2020] [*] Checking if process file name looks like a hash: 4987169361365938599  -> 0
  [Sat May 23 20:38:45 2020] [*] Checking Number of processors in machine  -> 0
  [Sat May 23 20:38:45 2020] [*] Checking Interupt Descriptor Table location  -> 0
  [Sat May 23 20:38:45 2020] [*] Checking Local Descriptor Table location  -> 0
  [Sat May 23 20:38:45 2020] [*] Checking Global Descriptor Table location  -> 0
  [Sat May 23 20:38:45 2020] [*] Checking Store Task Register  -> 0
  [Sat May 23 20:38:47 2020] [*] Checking Number of cores in machine using WMI  -> 0
  [Sat May 23 20:38:47 2020] [*] Checking hard disk size using WMI  -> 1
  [Sat May 23 20:38:47 2020] [*] Checking hard disk size using DeviceIoControl  -> 1
  [Sat May 23 20:38:47 2020] [*] Checking SetupDi_diskdrive  -> 1
  [Sat May 23 20:38:52 2020] [*] Checking mouse movement  -> 0
  [Sat May 23 20:38:52 2020] [*] Checking memory space using GlobalMemoryStatusEx  -> 0
  [Sat May 23 20:38:52 2020] [*] Checking disk size using GetDiskFreeSpaceEx  -> 1
  [Sat May 23 20:38:52 2020] [*] Checking if CPU hypervisor field is set using cpuid(0x1) -> 1
  [Sat May 23 20:38:52 2020] [*] Checking hypervisor vendor using cpuid(0x40000000) -> 0
  [Sat May 23 20:38:52 2020] [*] VM Driver Services   -> 0
  [Sat May 23 20:38:52 2020] [*] Checking SerialNumber from BIOS using WMI  -> 1
  [Sat May 23 20:38:52 2020] [*] Checking Model from ComputerSystem using WMI  -> 1
  [Sat May 23 20:38:52 2020] [*] Checking Manufacturer from ComputerSystem using WMI  -> 1
  [Sat May 23 20:39:31 2020] [*] Checking Current Temperature using WMI  -> 1
  [Sat May 23 20:39:33 2020] [*] Checking ProcessId using WMI  -> 1
  [Sat May 23 20:39:33 2020] [*] Checking power capabilities  -> 1
  [Sat May 23 20:39:33 2020] [*] Checking CPU fan using WMI  -> 1
  [Sat May 23 20:39:33 2020] [*] Checking NtQueryLicenseValue with Kernel-VMDetection-Private  -> 1
  [Sat May 23 20:39:33 2020] [*] Checking Win32_CacheMemory with WMI  -> 1
  [Sat May 23 20:39:33 2020] [*] Checking Win32_PhysicalMemory with WMI  -> 0
  [Sat May 23 20:39:33 2020] [*] Checking Win32_MemoryDevice with WMI  -> 1
  [Sat May 23 20:39:33 2020] [*] Checking Win32_MemoryArray with WMI  -> 1
  [Sat May 23 20:39:33 2020] [*] Checking Win32_PortConnector with WMI  -> 1
  [Sat May 23 20:39:33 2020] [*] Checking Win32_SMBIOSMemory with WMI  -> 1
  [Sat May 23 20:39:42 2020] [*] Checking ThermalZoneInfo performance counters with WMI  -> 1
  [Sat May 23 20:39:42 2020] [*] Checking CIM_Memory with WMI  -> 1
  [Sat May 23 20:39:42 2020] [*] Checking CIM_Sensor with WMI  -> 1
  [Sat May 23 20:39:42 2020] [*] Checking CIM_NumericSensor with WMI  -> 1
  [Sat May 23 20:39:42 2020] [*] Checking CIM_TemperatureSensor with WMI  -> 1
  [Sat May 23 20:39:42 2020] [*] Checking CIM_PhysicalConnector with WMI  -> 1
  [Sat May 23 20:39:42 2020] [*] Checking CIM_Slot with WMI  -> 1
  [Sat May 23 20:39:47 2020] [*] Check if time has been accelerated  -> 0


Rating: Jerry.Lin, 人气 +1, reason: "This section is better with you in it :)"
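The log above is what a sandbox operator works from when hardening an analysis VM: every "-> 1" line is an artifact the guest leaks. The following is an added example, not code from this thread or from al-khaser, that parses result lines in the log format shown above (including the "NN." prefixes the forum adds to code blocks), counts which checks fired, and groups them into remediation families so that the fixes (enlarge the disk, patch SMBIOS/WMI hardware data, and so on) can be prioritized. The sample log is constructed from a handful of lines in that format; the family names and regexes are this example's own assumptions.

```python
"""Summarize which anti-VM checks fired in an al-khaser style log (sandbox-hardening aid)."""
import re
from collections import defaultdict

# Constructed sample in the al-khaser log format quoted in the thread; not a real run.
SAMPLE_LOG = """\
[Sat May 23 20:38:02 2020] [*] Checking IsDebuggerPresent API  -> 0
[Sat May 23 20:38:36 2020] [*] Checking Win32_PnPDevice Name from WMI for VBox controller hardware  -> 1
[Sat May 23 20:38:39 2020] [*] Checking Win32_BaseBoard from WMI  -> 1
[Sat May 23 20:38:47 2020] [*] Checking hard disk size using WMI  -> 1
[Sat May 23 20:38:47 2020] [*] Checking hard disk size using DeviceIoControl  -> 1
[Sat May 23 20:38:52 2020] [*] Checking disk size using GetDiskFreeSpaceEx  -> 1
[Sat May 23 20:38:52 2020] [*] Checking if CPU hypervisor field is set using cpuid(0x1) -> 1
[Sat May 23 20:38:52 2020] [*] Checking hypervisor vendor using cpuid(0x40000000) -> 0
[Sat May 23 20:38:52 2020] [*] Checking SerialNumber from BIOS using WMI  -> 1
[Sat May 23 20:39:33 2020] [*] Checking NtQueryLicenseValue with Kernel-VMDetection-Private  -> 1
[Sat May 23 20:39:42 2020] [*] Checking CIM_TemperatureSensor with WMI  -> 1
[Sat May 23 20:39:47 2020] [*] Check if time has been accelerated  -> 0
"""

# One result line; the optional "NN. " prefix is what Discuz adds when numbering code blocks.
LINE_RE = re.compile(
    r"^\s*(?:\d+\.\s+)?\[(?P<ts>[^\]]+)\] \[\*\] (?P<check>.+?)\s+-> (?P<result>[01])\s*$"
)

# Hypothetical remediation families (this example's own grouping). First match wins, so a
# disk-size check is filed under the artifact (disk size) rather than the query path (WMI).
FAMILIES = [
    ("disk", re.compile(r"disk size|SetupDi_diskdrive", re.I)),
    ("wmi", re.compile(r"\bWMI\b|\bWin32_|\bCIM_", re.I)),
    ("cpuid", re.compile(r"cpuid|hypervisor", re.I)),
    ("registry", re.compile(r"reg key", re.I)),
    ("files", re.compile(r"Checking file |directory", re.I)),
    ("license", re.compile(r"NtQueryLicenseValue", re.I)),
]


def parse_log(text):
    """Yield (check_name, fired) for each well-formed result line; other lines are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.group("check"), m.group("result") == "1"


def classify(check):
    """Map a check description to the hardening family it belongs to."""
    for family, pattern in FAMILIES:
        if pattern.search(check):
            return family
    return "other"


def summarize(text):
    """Count all checks, count those that fired, and group the fired ones by family."""
    results = list(parse_log(text))
    by_family = defaultdict(list)
    for check, fired in results:
        if fired:
            by_family[classify(check)].append(check)
    return {
        "total": len(results),
        "fired": sum(1 for _, fired in results if fired),
        "by_family": dict(by_family),
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print(f"{report['fired']}/{report['total']} checks fired")
    for family, checks in sorted(report["by_family"].items(), key=lambda kv: -len(kv[1])):
        print(f"  {family}: {len(checks)}")
        for check in checks:
            print(f"    - {check}")
```

Feeding the full log from the post above through summarize() gives the same picture BE_HC describes: almost every check that fired goes through WMI hardware data, with disk size and the cpuid hypervisor bit as the remaining families.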

vhightr
Posted 2020-5-27 16:11:37
Impressive.
Copyright © KaFan  KaFan.cn All Rights Reserved.