PinVMShield is a tool to fool (malware) binaries and avoid VMs-sandbox common detection techniques. It uses dynamic binary instrumentation (DBI) techniques to perform the tricks. Namely, it has been developed with the Pin DBI framework.
This project has been developed with Visual Studio 2008 v9.0.30729.1 SP, configured for Pin DBI (see http://www.pintool.org for getting Pin). If you want to compile it by yourself, you may need some tuning in the project configuration. Also, other programs are required to be executed. See Requeriments for more details.
PinVMShield can be easily integrated with sandbox environments for automation of malware analysis tasks with DBI capabilities. Namely, we provide an integration for Cuckoo Sandbox. You can find it in the sandbox_integration
folder. The file inside such a folder must be replace the one located at $CUCKOOPATH/analyzer/windows/modules/packages
.
- Visual Studio 2008 (for compilation)
- Pin 2.13-61206-msvc9 (for running, not assure to be reliable at newer versions)
- Version 1.1 (May, 2014)
- Version 1.0 (January, 2014)
- Alpha release
Licensed under the GNU GPLv3 license.