Package proposal: pafish.vm #173
Comments
Note: Windows Defender and some other AVs falsely flag this EXE as malware, because it does many of the same VM/sandbox checks that malware does.
pafish is ultra dead, al-khaser is way much better for VM detection: https://github.com/LordNoteworthy/al-khaser
al-khaser does not provide compiled binaries; otherwise, I'd vote to add it instead of pafish.
It seems there is a build workflow, but the result is only uploaded as an artifact (which means it is only kept for a short period of time). It should be easy though to convert it into a release workflow. @mandiant/flare-vm do you think this is a useful tool that should be added to FLARE-VM?
I do not think al-khaser or pafish make sense in flare-vm. They are useful if you are writing anti-anti-vm or anti-anti-dbg tooling, but there is no situation I can think of where you'd run one of these tools to better understand a malware sample. Hardening a VM is a one-time thing, not a recurring need for one of these tools.
Package Name
pafish
Tool Name
pafish
Package type
ZIP_EXE
Tool's version number
0.6
Category
Utilities
Tool's authors
Alberto Ortega, Others
Tool's description
Pafish is a testing tool that uses different techniques to detect virtual machines and malware analysis environments in the same way that malware families do.
Download URL
https://github.com/a0rtega/pafish/releases/download/v0.6/pafish64.exe
Download SHA256 Hash
ff24b9da6cddd77f8c19169134eb054130567825eee1008b5a32244e1028e76f
Why is this tool a good addition?
Pafish is a testing tool that uses different techniques to detect virtual machines and malware analysis environments in the same way that malware families do.