VBoxAntiVMDetectHardened mitigation X64 only

EP_X0FF
Global Moderator
Posts: 4812
Joined: Sun Mar 07, 2010 5:35 am
Location: Russian Federation

Re: VBoxAntiVMDetectHardened mitigation X64 only (01/02/17)

Post by EP_X0FF » Thu Mar 09, 2017 9:31 am

An updated guide is posted on the project GitHub.

https://github.com/hfiref0x/VBoxHardene ... install.md

and for the signed version

https://github.com/hfiref0x/VBoxHardene ... _signed.md

Because of this, the guide in the current thread is now declared obsolete.

Note that VirtualBox 5.1.16 has been released. The current loader and driver are fully compatible with it, and since the patch generator is integrated into the loader, I think they will be compatible with all future Oracle releases unless they change something really dramatically.
Ring0 - the source of inspiration

Lingovensids
Posts: 2
Joined: Thu Mar 09, 2017 4:42 am

Re: VBoxAntiVMDetectHardened mitigation X64 only

Post by Lingovensids » Fri Mar 10, 2017 9:29 am

Hi, I get this error.

What is wrong?


Re: VBoxAntiVMDetectHardened mitigation X64 only

Post by EP_X0FF » Fri Mar 10, 2017 2:10 pm

You failed to install the patch properly.
Ring0 - the source of inspiration


Re: VBoxAntiVMDetectHardened mitigation X64 only

Post by Lingovensids » Fri Mar 10, 2017 3:29 pm

EP_X0FF wrote: You failed to install the patch properly.
Hey guy, you're amazing, now I got my problem fixed.

Now I can analyze my malware happily. Thanks for your time and tutorial.

Thank you very much.

You saved my life. :)

Trelowin
Posts: 10
Joined: Tue Mar 14, 2017 12:14 pm

Re: VBoxAntiVMDetectHardened mitigation X64 only

Post by Trelowin » Tue Mar 14, 2017 3:26 pm

Hi. While starting the file Tsugumi.sys, I received a warning. Is it normal? VirtualBox 5.1.16.


Re: VBoxAntiVMDetectHardened mitigation X64 only

Post by EP_X0FF » Wed Mar 15, 2017 3:08 am

This is a TDL warning, as it detected an installed VirtualBox. Because TDL uses another VirtualBox driver to perform its task, this may lead to conflicts with the installed VirtualBox, as TDL needs to unload all VirtualBox drivers first, then replace vboxdrv.sys with its own, load it, perform driver loading, unload vboxdrv and restore the original. From the TDL screenshot you can see the last line, ">Original driver restored". So everything worked well.
Ring0 - the source of inspiration


Re: VBoxAntiVMDetectHardened mitigation X64 only

Post by Trelowin » Wed Mar 15, 2017 1:54 pm

Thanks for the answer. How can I check the build of the settings (on detection)? Maybe a script or a service?


Re: VBoxAntiVMDetectHardened mitigation X64 only

Post by EP_X0FF » Wed Mar 15, 2017 4:20 pm

Trelowin wrote: Thanks for the answer. How can I check the build of the settings (on detection)? Maybe a script or a service?
https://github.com/hfiref0x/vmde
https://github.com/a0rtega/pafish
Ring0 - the source of inspiration


Re: VBoxAntiVMDetectHardened mitigation X64 only

Post by Trelowin » Thu Mar 16, 2017 6:15 pm

VMDE-master showed detection. Pafish gave a check log:
[pafish] Start
[pafish] Windows version: 6.1 build 7601
[pafish] CPU: AuthenticAMD Intel(R) Pentium(R) CPU G4400 @ 3.30GHz
[pafish] CPU VM traced by checking the difference between CPU timestamp counters (rdtsc)
[pafish] CPU VM traced by checking the difference between CPU timestamp counters (rdtsc) forcing VM exit
[pafish] Sandbox traced using mouse activity
[pafish] Sandbox traced by checking disk size <= 60GB via GetDiskFreeSpaceExA()
[pafish] Sandbox traced by checking operating system uptime using GetTickCount()
[pafish] VirtualBox traced using Reg key HKLM\HARDWARE\ACPI\DSDT\VBOX__
[pafish] VirtualBox device identifiers traced using WMI
[pafish] End
I corrected the mouse detection: I replaced the PS/2 mouse with a USB pad.
The disk size detection problem is clear too.
How do I correct the remaining holes?

EricBeale
Posts: 1
Joined: Thu Mar 16, 2017 11:25 am

Re: VBoxAntiVMDetectHardened mitigation X64 only

Post by EricBeale » Fri Mar 17, 2017 3:34 pm

Hello! Help me, please! How do I configure the shared clipboard and shared folders without installing Additions?
Thanks!
