A forum for reverse engineering, OS internals and malware analysis
Searched query: antivm
Happy new year everyone :).
I attached the patched DLLs for the latest VirtualBox version (4.3.6-91406).
PS: Does anybody know of a good hex editor that supports regular-expression search? It would make the process a little faster.
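The patched DLLs posted in this thread are made by locating the VM-identifying strings inside VirtualBox's guest binaries and overwriting them with same-length replacements. As an added example (not code from the thread or from VirtualBox), the following Python script does the search the poster is asking a hex editor for: it finds "VirtualBox" and "VBox" in both ASCII and UTF-16LE (PE version resources and device names are UTF-16LE, so an ASCII-only search misses them), case-insensitively, reports the file offsets, and can patch every occurrence without changing the file size. The marker list, the replacement strings and the sample byte blob are constructed for the example.

```python
"""Find and patch VM-identifying strings in a binary such as a VirtualBox
guest DLL. Added example; not code from the thread or from VirtualBox."""
import re
import sys
from typing import NamedTuple

# Markers that anti-VM code looks for in guest-side binaries (assumed list;
# extend it with whatever your own survey of the DLLs turns up).
MARKERS = ("VirtualBox", "VBox")
ENCODINGS = ("ascii", "utf-16le")   # resources and device names are UTF-16LE


class Hit(NamedTuple):
    offset: int      # byte offset of the match in the file
    encoding: str    # encoding the string was found in
    text: str        # matched text as it appears in the file (case kept)


def _pattern(markers, encoding):
    """Compile one alternation for the given markers in the given encoding."""
    # Longest first so "VirtualBox" is reported whole rather than in pieces.
    alts = b"|".join(re.escape(m.encode(encoding))
                     for m in sorted(markers, key=len, reverse=True))
    # IGNORECASE on bytes folds ASCII letters only, so the 0x00 high bytes of
    # UTF-16LE text are matched literally and ASCII text never matches the
    # UTF-16LE pattern (or vice versa).
    return re.compile(alts, re.IGNORECASE)


def find_markers(data, markers=MARKERS):
    """Return every marker occurrence in data, sorted by offset."""
    hits = []
    for enc in ENCODINGS:
        for m in _pattern(markers, enc).finditer(data):
            hits.append(Hit(m.start(), enc, m.group().decode(enc)))
    return sorted(hits)


def patch_markers(data, replacements):
    """Overwrite each marker with its replacement in both encodings.

    A replacement must have the same character count as its marker so the
    byte length (and with it every offset and section size in the PE) stays
    unchanged. Returns (patched_bytes, number_of_occurrences_patched).
    """
    for old, new in replacements.items():
        if len(old) != len(new):
            raise ValueError(f"replacement for {old!r} must be {len(old)} chars")
    buf = bytearray(data)
    count = 0
    # Longest marker first so a short marker never clobbers part of a long one.
    for old in sorted(replacements, key=len, reverse=True):
        for enc in ENCODINGS:
            new_bytes = replacements[old].encode(enc)
            for m in _pattern((old,), enc).finditer(data):
                buf[m.start():m.end()] = new_bytes
                count += 1
    return bytes(buf), count


def patch_file(src, dst, replacements):
    """Patch src into dst (never in place); returns the occurrence count."""
    with open(src, "rb") as f:
        data = f.read()
    patched, count = patch_markers(data, replacements)
    with open(dst, "wb") as f:
        f.write(patched)
    return count


# Constructed stand-in for a guest DLL: a fake DOS header, an ASCII driver
# name, a UTF-16LE device description and a lower-case service name.
SAMPLE = (b"MZ\x90\x00" + b"\x00" * 12
          + b"VBoxGuest.sys\x00" + b"\x00" * 4
          + "VirtualBox Graphics Adapter".encode("utf-16le") + b"\x00\x00"
          + b"vboxservice\x00")

# Same-length substitutes (assumed values; pick your own, just keep the length).
REPLACEMENTS = {"VirtualBox": "VirtuelBex", "VBox": "VBex"}


if __name__ == "__main__":
    # Usage: python vbox_strings.py file.dll [patched.dll]
    # With one argument it only lists hits; with two it also writes a patch.
    with open(sys.argv[1], "rb") as fh:
        blob = fh.read()
    for h in find_markers(blob):
        print(f"{h.offset:#010x} {h.encoding:<8} {h.text}")
    if len(sys.argv) > 2:
        print("patched", patch_file(sys.argv[1], sys.argv[2], REPLACEMENTS))
```

Keeping the byte length identical is what lets the patched file load at all; anything that changes the size shifts the section layout. Patching a signed binary still invalidates its Authenticode signature, so signed guest drivers need separate treatment, and the same strings also live in the registry, which this script does not touch.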
Wrong instruction after single-step exception with 'rdtsc' and 'cpuid'
It seems there is (at least) one lazy programmer in the VirtualBox team - they just forgot to generate #DB after emulating these instructions in the VBox hypervisor VM-exit handler. I would say it is more laziness than a bug. I just wond...
Hello. Important fix for everyone who uses VBox for malware research. Bug described here: http://www.kernelmode.info/forum/viewtopic.php?p=18930#p18930 (Wrong instruction after single-step exception with 'rdtsc' and 'cpuid') and https://www.virtualbox.org/ticket/10947. Assume the VMProtect author should do anot...
Hello rin,
Thanks for the heads-up :).
I've attached the new patched DLLs for this version.
I just wanted to thank you guys so much for this information. Upon creating a new VirtualBox VM I realized that I was unable to open some malware/viruses, more specifically Antivirus Security Pro. Then I ran across this thread, and after doing some research and applying these settings and DLLs I s...
Update for the new 4.3.2 version.
... GET /info.php?idd=1760 Host: antivm.com
--- GET /check?pgid=10 Host: www.antivm.com
--- GET /percer.php?login=MTc2MA== HTTP/1.1 Host: www.antivm.com
--- GET http://www.antivm.com/shop?abc=cGdpZD0xMCZyPTE3NjA= ...
Here you go :) I noticed that in one of my VMs old values were still saved from before I applied this: http://www.kernelmode.info/forum/viewtopic.php?p=16102#p16102, so if you want to make sure it worked, search your registry for VBox, VirtualBox, etc. The keys might need to be deleted from user SYST...
Hey, there's the new version 4.3.
Anyone up for patching the DLLs? :)