antilysis
| Crates.io | antilysis |
| lib.rs | antilysis |
| version | 0.2.2 |
| created_at | 2023-05-30 18:51:30.19297+00 |
| updated_at | 2024-11-26 18:55:17.649548+00 |
| description | State-of-the-art dynamic analysis countering techniques on Windows |
| homepage | https://github.com/percept-denigrate/antilysis |
| repository | https://github.com/percept-denigrate/antilysis |
| max_upload_size | |
| id | 878211 |
| size | 24,468 |
othalan (percept-denigrate)
documentation
README
Antilysis
Rust library implementing state-of-the-art dynamic analysis countering techniques on Windows
Features
- Checks for processes of
- common analysis tools (wireshark, process explorer...)
- VM guest (VMware, Virtualbox, QEMU, Xen )
- debuggers (WinDbg, OllyDbg, GDB, Procdump...)
- Detects common antivirus sandbox artifacts
- Reverse Turing test: waits for user to left click
- Checks if the mac address matches patterns of known VM mac addresses
- Detects VM related files
- Anti-debugging:
- Checks the presence of debuggers by reading the Process Environment Block (PEB)
- Checks the presence of the "\.\NTICE" device (named pipe) which is used to communicate with SoftIce, a Windows kernel debugger
- Ability to hide thread from debuggers
Inspirations
Malware Dynamic Analysis Evasion Techniques: A Survey
Spotless Sandboxes: Evading Malware Analysis Systems using Wear-and-Tear Artifacts