Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection.
al-khaser is a PoC "malware" application with good intentions that aims to stress your anti-malware system. It performs a bunch of common malware tricks with the goal of seeing if you stay under the radar.
You can download the latest release here: x86 | x64.
Sorry, binaries have been removed for now as they were triggering Google's Safe Browsing heuristics.
Please, if you encounter any anti-analysis trick you have seen in malware, don't hesitate to contribute.
- sample.exe or sandbox.exe
- Registry key value artifacts
- Registry Keys artifacts
- File system artifacts
- Directories artifacts
- Memory artifacts
- MAC Address
- Virtual devices
- Hardware Device information
- System Firmware Tables
- Driver Services
- Adapter name
- Windows Class
- Network shares
- Processes
- WMI
- DLL Exports and Loaded DLLs
- CPU
- NtQueryLicenseValue with Kernel-VMDetection-Private as license value.
Pull requests welcome. Please read the Developer Guidelines on our wiki if you wish to contribute to the project.