Pafish is a demonstration tool that employs several techniques to detect sandboxes and analysis environments in the same way as malware families do.
The project is open source, so you can read the code of all anti-analysis checks. It is licensed under GNU/GPL version 3.
The objective of this project is to collect the usual tricks seen in malware samples. This allows us to study them, and test if our analysis environments are properly implemented.
Pafish is written in C and can be built with MinGW (gcc + make).
git clone https://github.com/a0rtega/pafish.git
For compiling on Windows, Cygwin is recommended. It will set up a Unix-like environment with a package manager to install only selected software.
During the installation you will need to select packages
Then you just need to run Cygwin Terminal, change to the project directory and compile:
If you are using a Debian-based distribution (Ubuntu, Mint, …), you can install the required packages by executing:
sudo apt-get install make mingw-w64
If you are running a Red Hat-like distribution (Fedora, CentOS, …):
sudo yum install make mingw32-gcc mingw64-gcc
If you are running Arch Linux:
pacman -S make mingw-w64-gcc
Then you can compile:
You can also download the executable of the latest stable version.
Copyright (C) 2013 a0rtega