A collection of techniques commonly used in malware to accomplish core tasks.

alichtman/malware-techniques
This collection of programs demonstrates techniques used in malware to accomplish core tasks.

It's like Al-Khaser, except focused on macOS and Linux.

Catalog

  • Anti-Autoanalysis
  • Anti-Reverse Engineering
  • Anti-VM
  • Data-Collection
  • Persistence

Implementation

These programs are written in a mix of languages. Currently, the library uses (in order of strlen(language_name)):

  • C
  • x86
  • Bash
  • Python
  • Objective-C

Building and Running

Each program is meant to be run independently. There is no main.{c,py,m,asm}.

Typically, each program (written in C) can be compiled with $ gcc FILE -o OUTPUT_FILE.

Exceptions to this are:

  • src/anti-vm/cross-platform/vmware_detect_with_asm.c, which uses cmake for compilation. Instructions can be found in src/anti-vm/cross-platform/README.md.
  • src/anti-autoanalysis/macOS/detectUserActivity, which uses clang for compilation. Instructions can be found in src/anti-autoanalysis/macOS/detectUserActivity/README.md.

Motivation

You can read about the motivation behind this project in this presentation I gave.

Acknowledgements

Thank you to all the security researchers that made this project possible. Material published by the following researchers was particularly helpful while I was building this library: