
Re: VBoxAntiVMDetectHardened mitigation X64 only (01/02/17)

Posted: Thu Mar 09, 2017 9:31 am
by EP_X0FF
Updated guide posted on the project GitHub.

https://github.com/hfiref0x/VBoxHardene ... install.md

and for signed version

https://github.com/hfiref0x/VBoxHardene ... _signed.md

Because of this, the guide in the current thread is now declared obsolete.

Note that VirtualBox 5.1.16 has been released. The current loader and driver are fully compatible with it, and since the patch generator is integrated into the loader, I think they will be compatible with all future Oracle releases unless they change something really dramatically.

Re: VBoxAntiVMDetectHardened mitigation X64 only

Posted: Fri Mar 10, 2017 9:29 am
by Lingovensids
Hi, I'm getting this error

What is wrong?

Re: VBoxAntiVMDetectHardened mitigation X64 only

Posted: Fri Mar 10, 2017 2:10 pm
by EP_X0FF
You failed to install the patch properly.

Re: VBoxAntiVMDetectHardened mitigation X64 only

Posted: Fri Mar 10, 2017 3:29 pm
by Lingovensids
EP_X0FF wrote: You failed to install the patch properly.
Hey guy, you're amazing, now I got my problem fixed.

Now I can analyze my malware happily. Thanks for your time and the tutorial.

Thank you very much.

You saved my life. :)

Re: VBoxAntiVMDetectHardened mitigation X64 only

Posted: Tue Mar 14, 2017 3:26 pm
by Trelowin
Hi. While starting the file Tsugumi.sys I received a warning. Is it normal? VirtualBox 5.1.16.

Re: VBoxAntiVMDetectHardened mitigation X64 only

Posted: Wed Mar 15, 2017 3:08 am
by EP_X0FF
This is a TDL warning, as it detected an installed VirtualBox. Because TDL uses another VirtualBox driver to perform its task, this may lead to conflicts with the installed VirtualBox, as TDL needs to unload all VirtualBox drivers first, then replace vboxdrv.sys with its own, load it, perform driver loading, unload vboxdrv and restore the original. In the TDL screenshot you can see the last line, ">Original driver restored". So everything worked well.

Re: VBoxAntiVMDetectHardened mitigation X64 only

Posted: Wed Mar 15, 2017 1:54 pm
by Trelowin
Thanks for the answer. How can I check the build of the settings (on detection)? Maybe a script or a service?

Re: VBoxAntiVMDetectHardened mitigation X64 only

Posted: Wed Mar 15, 2017 4:20 pm
by EP_X0FF
Trelowin wrote: Thanks for the answer. How can I check the build of the settings (on detection)? Maybe a script or a service?
https://github.com/hfiref0x/vmde
https://github.com/a0rtega/pafish

Re: VBoxAntiVMDetectHardened mitigation X64 only

Posted: Thu Mar 16, 2017 6:15 pm
by Trelowin
VMDE-master showed detection. Pafish gave a check log:
[pafish] Start
[pafish] Windows version: 6.1 build 7601
[pafish] CPU: AuthenticAMD Intel(R) Pentium(R) CPU G4400 @ 3.30GHz
[pafish] CPU VM traced by checking the difference between CPU timestamp counters (rdtsc)
[pafish] CPU VM traced by checking the difference between CPU timestamp counters (rdtsc) forcing VM exit
[pafish] Sandbox traced using mouse activity
[pafish] Sandbox traced by checking disk size <= 60GB via GetDiskFreeSpaceExA()
[pafish] Sandbox traced by checking operating system uptime using GetTickCount()
[pafish] VirtualBox traced using Reg key HKLM\HARDWARE\ACPI\DSDT\VBOX__
[pafish] VirtualBox device identifiers traced using WMI
[pafish] End
I corrected the mouse detection. Replaced the PS/2 mouse with a USB pad.
The problem with detection of the hard drive size is clear too.
How do I correct the remaining holes?
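
An added example, not part of the original post or of pafish: a small Python parser that groups the "traced" lines of the log above by what was detected and filters out the two checks the poster describes as already dealt with. The function names and the keyword filter are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Log copied from the post above (raw string: the registry path has backslashes).
SAMPLE_LOG = r"""[pafish] Start
[pafish] Windows version: 6.1 build 7601
[pafish] CPU: AuthenticAMD Intel(R) Pentium(R) CPU G4400 @ 3.30GHz
[pafish] CPU VM traced by checking the difference between CPU timestamp counters (rdtsc)
[pafish] CPU VM traced by checking the difference between CPU timestamp counters (rdtsc) forcing VM exit
[pafish] Sandbox traced using mouse activity
[pafish] Sandbox traced by checking disk size <= 60GB via GetDiskFreeSpaceExA()
[pafish] Sandbox traced by checking operating system uptime using GetTickCount()
[pafish] VirtualBox traced using Reg key HKLM\HARDWARE\ACPI\DSDT\VBOX__
[pafish] VirtualBox device identifiers traced using WMI
[pafish] End
"""

# Every finding line in that log has the shape "<subject> traced <using|by> <method>".
FINDING = re.compile(r"^\[pafish\] (?P<subject>.+?) traced (?:using|by) (?P<method>.+)$")


def parse_pafish_log(text):
    """Return {subject: [method, ...]} for every 'traced' line; other lines are skipped."""
    findings = defaultdict(list)
    for line in text.splitlines():
        match = FINDING.match(line.strip())
        if match:
            findings[match.group("subject")].append(match.group("method"))
    return dict(findings)


def remaining(findings, handled):
    """Drop findings whose method text contains a keyword from `handled` (hypothetical filter)."""
    left = {}
    for subject, methods in findings.items():
        kept = [m for m in methods if not any(key in m for key in handled)]
        if kept:
            left[subject] = kept
    return left


if __name__ == "__main__":
    found = parse_pafish_log(SAMPLE_LOG)
    # Keywords for the mouse and disk-size checks mentioned in the post.
    for subject, methods in remaining(found, ("mouse activity", "disk size")).items():
        for method in methods:
            print(f"{subject}: {method}")
```
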

Re: VBoxAntiVMDetectHardened mitigation X64 only

Posted: Fri Mar 17, 2017 3:34 pm
by EricBeale
Hello! Help me please! How do I configure the shared clipboard and shared folders without installing Additions?
Thanks!