A forum for reverse engineering, OS internals and malware analysis 

Search found 124 matches: AntiVM

Searched query: antivm

VirtualBox Anti-AntiVM

 by kmd ¦  Wed Oct 17, 2012 4:04 pm ¦  Forum: Tools/Software ¦  Topic: VirtualBox Anti-AntiVM ¦  Replies: 63 ¦  Views: 214173

:( still no luck for me... any tips?

moderator:
split from this topic
http://www.kernelmode.info/forum/viewto ... &start=110

Re: Rootkit MaxSS (alias TDSS, SST, Alureon.FE, Olmasco)

 by EP_X0FF ¦  Mon Oct 15, 2012 4:46 pm ¦  Forum: Malware ¦  Topic: Rootkit MaxSS (alias TDSS, SST, Alureon.FE, Olmasco) ¦  Replies: 149 ¦  Views: 169206

... for I/O operations with malicious components, including vbr. It is equal to previously used by MaxSS, as well as multiple debugger checking, antivm. For sample refer to my old post, it's already crypter free, search for DeviceIoControl and IOCTL http://www.kernelmode.info/forum/viewtopic.php?p=9031#p9031 ...

Re: Anti-Vmware malware

 by GMax ¦  Mon Oct 08, 2012 4:14 pm ¦  Forum: Malware ¦  Topic: Anti-Vmware malware ¦  Replies: 2 ¦  Views: 3617

SpyEyes packed with antiVM

C&C: hxxp://groathclar.com:81/xfst/gypall.php

Trojan-Dropper.Win32.Agent.dvyh (Muldrop + AntiVM)

 by Buster_BSA ¦  Mon Jul 30, 2012 10:03 am ¦  Forum: Completed Malware Requests ¦  Topic: Trojan-Dropper.Win32.Agent.dvyh (Muldrop + AntiVM) ¦  Replies: 1 ¦  Views: 2380

MD5: 364BBCBBB8E95DCD4BD73D599ACB6E4C

More information: http://www.securelist.com/en/descriptio ... Agent.dvyh

Re: upass Kit malware sample : antivm

 by EP_X0FF ¦  Fri Jul 06, 2012 3:07 am ¦  Forum: Malware ¦  Topic: upass Kit (alias Worm:Win32/Rombrast) ¦  Replies: 7 ¦  Views: 6956

What kind of antivm you found inside? As for me it is primitive mass injector with mass installed ring3 hooks it uses for hiding, including hiding copy of explorer.exe [1184]explorer.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline ...

Re: upass Kit malware sample : antivm

 by Xylitol ¦  Wed Jul 04, 2012 9:28 pm ¦  Forum: Malware ¦  Topic: upass Kit (alias Worm:Win32/Rombrast) ¦  Replies: 7 ¦  Views: 6956

Re: Trojan Winlock / Ransom / ScreenLocker

 by EP_X0FF ¦  Sun Mar 25, 2012 8:23 am ¦  Forum: Malware ¦  Topic: German Ransom (GEMA, GVU, InetAccelerator) ¦  Replies: 116 ¦  Views: 99358

... mode there not working. I assume all three samples are identical, so I take care only of one of them. In attach crypter free sample with removed AntiVM part so it should work everywhere. Exactly what kind of anti-* stuff was removed? VM detection (VirtualPC, VBOX, QEMU, VmWare), Wireshark detection, ...

Re: Trojan Winlock / Ransom / ScreenLocker

 by Buster_BSA ¦  Sun Mar 25, 2012 7:59 am ¦  Forum: Malware ¦  Topic: German Ransom (GEMA, GVU, InetAccelerator) ¦  Replies: 116 ¦  Views: 99358

... mode there not working. I assume all three samples are identical, so I take care only of one of them. In attach crypter free sample with removed AntiVM part so it should work everywhere. Exactly what kind of anti-* stuff was removed? I tried the sample under Sandboxie and it aborts execution. ...

Re: Trojan Winlock / Ransom / ScreenLocker

 by EP_X0FF ¦  Sat Mar 24, 2012 9:31 am ¦  Forum: Malware ¦  Topic: Win32/CBeplay ¦  Replies: 13 ¦  Views: 22307

... mode there not working. I assume all three samples are identical, so I take care only of one of them. In attach crypter free sample with removed AntiVM part so it should work everywhere. It is completely similar to http://www.kernelmode.info/forum/viewtopic.php?p=8984#p8984 except title. Posts ...

Re: Rootkits sometimes not installing :/

 by EP_X0FF ¦  Sat Dec 03, 2011 10:49 am ¦  Forum: Newbie Questions ¦  Topic: Rootkits sometimes not installing :/ ¦  Replies: 8 ¦  Views: 7656

Which one TDSS version? Some may have antivm at crypter level.
