Skip to content
/ pafish Public
forked from a0rtega/pafish

Pafish is a demonstration tool that employs several techniques to detect sandboxes and analysis environments in the same way as malware families do.

License

Notifications You must be signed in to change notification settings

4g3n7/pafish

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

96 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Pafish

(Paranoid Fish)

Pafish is a demo tool that performs some anti(debugger/VM/sandbox) tricks. Most of them are often used by malware to avoid debugging and dynamic analysis.

The project is open source, you can read the code of all anti-analysis checks. You can also download the compiled executable (or compile it by yourself) and reverse engineer it, which is quite recommended.

It is licensed under GNU/GPL version 3.

Scope

Note that the aim of the project is not to implement complex VM detections.

The objective of this project is to collect usual tricks seen in malware samples. This allows us to study them, and test if our analysis environments are properly implemented.

Examples of execution (v025 all of them):

ThreatExpert
Cuckoo Sandbox
Anubis
Comodo

Build

Pafish is written in C and built with pure MinGW (make + gcc).

Author

Alberto Ortega (@a0rtega - profile)

Contributions

Feel free to send me malware samples or more tricks to add. GPG ID: 6A06CF5A

About

Pafish is a demonstration tool that employs several techniques to detect sandboxes and analysis environments in the same way as malware families do.

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • C 99.3%
  • C++ 0.7%