docs.rs failed to build antilysis-0.2.0
Please check the build logs for more information.
See Builds for ideas on how to fix a failed build, or Metadata for how to configure docs.rs builds.
If you believe this is docs.rs' fault, open an issue.
Visit the last successful build:
antilysis-0.2.2
Antilysis
Rust library implementing techniques for countering dynamic analysis (anti-VM, anti-sandbox and anti-debugger checks) on Windows
- Detects processes belonging to VM guest tooling and to debuggers
- Detects common analysis tools such as Wireshark and Process Explorer
- Detects artifacts left by common antivirus sandboxes
- Reverse Turing test: waits for a left mouse click from the user before proceeding, something automated sandboxes seldom supply
- Checks whether the MAC address matches the OUI prefixes of known virtualization vendors
- Detects VM-related files
- Checks for an attached debugger by reading the Process Environment Block (PEB)
- Checks for the presence of the "\\.\NTICE" device, which is used to communicate with SoftICE, a Windows kernel debugger
- Can hide a thread from an attached debugger
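The following is an added example, not code from the antilysis crate, showing how three of the heuristics listed above (VM MAC OUI matching, analysis-tool process scanning and VM artifact file lookup) can be implemented as pure logic over a host snapshot. The `HostSnapshot` type, the vendor/tool/file lists and the sample snapshot are all constructed for this page; on a real Windows host the snapshot would be filled from the adapter, process and file-system APIs instead.

```rust
/// Illustrative anti-analysis heuristics. Example code added for this page;
/// it is not the antilysis crate's API. It runs offline on a constructed
/// snapshot so the matching logic itself can be read and tested.

/// OUI prefixes (first three MAC bytes) registered to common virtualization vendors.
const VM_MAC_PREFIXES: &[(&str, [u8; 3])] = &[
    ("VMware", [0x00, 0x05, 0x69]),
    ("VMware", [0x00, 0x0C, 0x29]),
    ("VMware", [0x00, 0x1C, 0x14]),
    ("VMware", [0x00, 0x50, 0x56]),
    ("VirtualBox", [0x08, 0x00, 0x27]),
    ("Hyper-V", [0x00, 0x15, 0x5D]),
    ("Parallels", [0x00, 0x1C, 0x42]),
    ("Xen", [0x00, 0x16, 0x3E]),
    ("QEMU/KVM", [0x52, 0x54, 0x00]),
];

/// Image names of debuggers and analysis tools, lower-case for case-insensitive matching.
const ANALYSIS_PROCESSES: &[&str] = &[
    "wireshark.exe", "procexp.exe", "procexp64.exe", "procmon.exe", "procmon64.exe",
    "x64dbg.exe", "x32dbg.exe", "ollydbg.exe", "windbg.exe", "ida.exe", "ida64.exe",
    "fiddler.exe", "processhacker.exe", "tcpview.exe",
];

/// Guest driver files that only exist inside a VMware or VirtualBox guest.
const VM_ARTIFACT_FILES: &[&str] = &[
    r"C:\Windows\System32\drivers\vmmouse.sys",
    r"C:\Windows\System32\drivers\vmhgfs.sys",
    r"C:\Windows\System32\drivers\VBoxMouse.sys",
    r"C:\Windows\System32\drivers\VBoxGuest.sys",
];

/// What the checks observe about the host. Constructed input here; on Windows this
/// would come from GetAdaptersInfo, CreateToolhelp32Snapshot and file existence checks.
pub struct HostSnapshot<'a> {
    pub mac_addresses: &'a [&'a str],
    pub processes: &'a [&'a str],
    pub vm_files_present: &'a [&'a str],
}

/// Parses "aa:bb:cc:dd:ee:ff" or "AA-BB-CC-DD-EE-FF"; returns None on malformed input.
fn parse_mac(s: &str) -> Option<[u8; 6]> {
    let parts: Vec<&str> = s.split(|c: char| c == ':' || c == '-').collect();
    if parts.len() != 6 {
        return None;
    }
    let mut mac = [0u8; 6];
    for (i, p) in parts.iter().enumerate() {
        if p.len() != 2 {
            return None;
        }
        mac[i] = u8::from_str_radix(p, 16).ok()?;
    }
    Some(mac)
}

/// Returns the virtualization vendor whose OUI the MAC carries, if any.
pub fn vm_vendor_for_mac(mac: &str) -> Option<&'static str> {
    let bytes = parse_mac(mac)?;
    VM_MAC_PREFIXES
        .iter()
        .find(|(_, prefix)| prefix[..] == bytes[..3])
        .map(|(vendor, _)| *vendor)
}

/// Returns every known analysis tool found in a process list (case-insensitive).
pub fn analysis_tools_running(processes: &[&str]) -> Vec<&'static str> {
    let mut found = Vec::new();
    for p in processes {
        let lower = p.to_ascii_lowercase();
        if let Some(hit) = ANALYSIS_PROCESSES.iter().copied().find(|t| *t == lower) {
            found.push(hit);
        }
    }
    found
}

/// Collects human-readable indicators; an empty result means nothing was spotted.
pub fn analysis_indicators(snap: &HostSnapshot) -> Vec<String> {
    let mut out = Vec::new();
    for mac in snap.mac_addresses {
        if let Some(vendor) = vm_vendor_for_mac(mac) {
            out.push(format!("mac {mac} has {vendor} OUI"));
        }
    }
    for tool in analysis_tools_running(snap.processes) {
        out.push(format!("analysis process running: {tool}"));
    }
    for f in snap.vm_files_present {
        if VM_ARTIFACT_FILES.iter().any(|a| a.eq_ignore_ascii_case(f)) {
            out.push(format!("vm artifact file: {f}"));
        }
    }
    out
}

/// Constructed sample: a VMware guest running Wireshark and x64dbg.
pub fn sample_vm_snapshot() -> HostSnapshot<'static> {
    HostSnapshot {
        mac_addresses: &["00:0C:29:4F:8E:35", "02:42:AC:11:00:02"],
        processes: &["explorer.exe", "Wireshark.exe", "x64dbg.exe", "svchost.exe"],
        vm_files_present: &[r"C:\Windows\System32\drivers\vmmouse.sys"],
    }
}

fn main() {
    for indicator in analysis_indicators(&sample_vm_snapshot()) {
        println!("{indicator}");
    }
}
```

Treat these as weighted indicators rather than individually conclusive: the Hyper-V OUI 00:15:5D also appears on physical hosts that have Hyper-V enabled and on Azure VMs, and 52:54:00 is used by libvirt bridges, so a single MAC hit on its own is a weak signal. The PEB, "\\.\NTICE" and thread-hiding checks from the list depend on Windows-specific syscalls and are not reproduced here.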
Inspirations
Malware Dynamic Analysis Evasion Techniques: A Survey
Spotless Sandboxes: Evading Malware Analysis Systems using Wear-and-Tear Artifacts