Posts: 35
Threads: 8
Joined: May 2024
I've implemented a method to check if my malware is running in a virtual machine ( VM). This helps in detecting if the malware is being analyzed, as most analysts use sandboxing or VM environments to observe malware behavior.
1 - What is Anti-VM ?
Anti-VM (anti-virtual machine) techniques are methods employed by software, particularly malware, to detect the presence of a virtualized environment and alter its behavior accordingly.
2 - Method used in my code ?
CPUID Instruction: - Malware can use the
cpuid which is an instruction used to check for known VM-specific vendor strings (e.g., "VMwareVMware", "VBoxVBoxVBox", "Microsoft Hv", "TCGTCGTCGTCG").
photo:
![[Image: Screenshot-from-2024-06-13-17-56-46.png]](https://i.ibb.co/ZfPckxK/Screenshot-from-2024-06-13-17-56-46.png)
the source code is right here: This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: See you on the other side.
Posts: 100
Threads: 2
Joined: Jun 2024
cool, ima use this shit for my stealer
Posts: 35
Threads: 8
Joined: May 2024
(Jun 13, 2024, 10:33 PM)interesting Wrote: cool, ima use this shit for my stealer
if you upload it to virustotal youre gay This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: See you on the other side.
Posts: 1,313
Threads: 226
Joined: Jun 2023
Also for some VM the Mac adresse is like 050 smth
Posts: 35
Threads: 8
Joined: May 2024
Jun 14, 2024, 12:01 AM
(This post was last modified: Jun 14, 2024, 12:01 AM by Vittlesical.)
(Jun 13, 2024, 11:06 PM)xzin0vich Wrote: Also for some VM the Mac adresse is like 050 smth
the implementation works on " VMwareVMware", " VBoxVBoxVBox", " Microsoft Hv(Microsoft Hypervisor)", " TCGTCGTCGTCG(qemu)"
i've never tried Mac tbh. This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: See you on the other side.
Posts: 3
Threads: 0
Joined: Apr 2024
Thanks for the technique.
Posts: 107
Threads: 4
Joined: Mar 2024
I heard about a neet method used in anti-cheats that relies on cpu execution timing. Have you used this before?
This method is undefeatable too allegedly. This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Scamming
Posts: 35
Threads: 8
Joined: May 2024
(Jun 14, 2024, 09:59 PM)saul-notbadman Wrote: I heard about a neet method used in anti-cheats that relies on cpu execution timing. Have you used this before?
This method is undefeatable too allegedly.
i've heard of it but never tried it and its called Timing-based anti-cheat detection and it has bunch of techniques one of them called BaseLine Timing Profiles, which basically the system establishes a baseline of normal execution times for various operations and processes in the game. This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: See you on the other side.
Posts: 179
Threads: 15
Joined: Aug 2023
(Jun 14, 2024, 10:33 PM)SilentMastermind Wrote: i've heard of it but never tried it
Better that way, it's unreliable since it's usually implemented using TSC along cpuid or such, which can lead to different result depending on the hypervisor, leaf, CPU or even vmcs configuration.
Posts: 34
Threads: 2
Joined: Mar 2024
|
