Antilysis
Library to detect analysis on Windows and protect your program from it: anti-VM, anti-sandbox, anti-analysis.
Functions
- attempt_hide_thread - Tries to hide the current thread from debuggers.
- comparaison_known_mac_addr - Returns whether the MAC addresses indicate a VM running under VirtualBox or VMware.
- detected - Returns whether any sign of an analysis environment is present. True if any of the following is true: processes(), is_debugger_present(), comparaison_known_mac_addr(), vm_file_detected(), sandbox().
- is_debugger_present - Returns whether a debugger is present.
- processes - Returns whether suspicious processes have been found. Includes analyzers (Wireshark, Process Explorer, etc.), VM guest processes and debugger processes.
- sandbox - Returns whether any common sandbox artifact is present.
- vm_file_detected - Returns whether any VM-specific files (VirtualBox and VMware) are present.
- wait_for_left_clicks - Waits for the user to left-click. Takes the number of clicks to wait for as an argument.