Skip to content

A pintool for protecting a sandbox application of common anti-virtualmachine and anti-sandbox detection techniques

License

Notifications You must be signed in to change notification settings

reverseame/pinVMShield

Repository files navigation

PinVMShield

PinVMShield is a tool to fool (malware) binaries and avoid VMs-sandbox common detection techniques. It uses dynamic binary instrumentation (DBI) techniques to perform the tricks. Namely, it has been developed with the Pin DBI framework.

This project has been developed with Visual Studio 2008 v9.0.30729.1 SP, configured for Pin DBI (see http://www.pintool.org for getting Pin). If you want to compile it by yourself, you may need some tuning in the project configuration. Also, other programs are required to be executed. See Requeriments for more details.

PinVMShield can be easily integrated with sandbox environments for automation of malware analysis tasks with DBI capabilities. Namely, we provide an integration for Cuckoo Sandbox. You can find it in the sandbox_integration folder. The file inside such a folder must be replace the one located at $CUCKOOPATH/analyzer/windows/modules/packages.

License: GPL v3

Requeriments

  • Visual Studio 2008 (for compilation)
  • Pin 2.13-61206-msvc9 (for running, not assure to be reliable at newer versions)

Version History

  • Version 1.1 (May, 2014)
  • Version 1.0 (January, 2014)
  • Alpha release

License

Licensed under the GNU GPLv3 license.

About

A pintool for protecting a sandbox application of common anti-virtualmachine and anti-sandbox detection techniques

Topics

Resources

License

Stars

Watchers

Forks

Contributors 3

  •  
  •  
  •