Malware Evasion Techniques Site

This will just be a short post as I wanted to get this link out there. Recently I had been doing a little side project of creating a Python program that can do certain checks to determine if it is potentially on a machine that will be used to debug it. I want to go deeper than that, but that’s just the current state of the program. For example, I have this excerpt:

import psutil

def checkRunningProcesses():
    # Names (or name fragments) of common analysis tools. The comparison below is a
    # case-insensitive substring match, so "IDA" also matches e.g. ida64.exe.
    processArray = ["Wireshark","HxD","IDA","NASM","Autopsy","Process Hacker",
                    "VMWare","x64dbg","dnspy","HashCalc","OllyD","shellcode","scdbg"]
    for proc in psutil.process_iter():
        try:
            processName = proc.name()
        except (psutil.NoSuchProcess, psutil.AccessDenied, psutil.ZombieProcess):
            continue  # process exited or is not readable; skip it instead of crashing
        for tool in processArray:
            if tool.lower() in processName.lower():
                return 1
    return 0

This walks the process list and checks whether any running process has a name containing one of the listed analysis-tool names. Because it is a case-insensitive substring match, a short token such as "IDA" will also hit unrelated process names that happen to contain those letters, so the list is a trade-off between catching renamed or versioned tool binaries and raising false positives. Eventually I want to see whether the Python script could be leveraged by converting it to an .exe or .dll (I know, converting Python to those formats isn’t necessarily easy or efficient).
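To make the substring-versus-exact trade-off concrete, here is an added example (my own code, not the post's program) that runs the same kind of analysis-tool check over a constructed list of process names, in both substring mode and whole-name mode, and only pulls live names from psutil when the library happens to be installed. The marker list and the sample process names are constructed for the demonstration and are not the post's exact list.

```python
"""Analysis-tool process check: substring matching vs. exact stem matching.

Added example, not the original post's code. Marker names and sample process
names below are assumptions made for the demonstration.
"""

# Lower-case name stems of common analysis tools (constructed list, an assumption).
ANALYSIS_TOOL_MARKERS = (
    "wireshark", "x64dbg", "x32dbg", "ollydbg", "ida", "ida64",
    "hxd", "procmon", "dnspy", "autopsy",
)


def _stem(process_name):
    """Lower-case the name and drop a trailing extension such as .exe."""
    return process_name.lower().rsplit(".", 1)[0]


def find_analysis_tools(process_names, markers=ANALYSIS_TOOL_MARKERS, exact=False):
    """Return [(process_name, marker)] for every process name that matches a marker.

    exact=False reproduces the post's behaviour: a marker anywhere inside the
    name counts, so "ida" matches ida64.exe but also idaho_app.exe.
    exact=True requires the whole stem to equal a marker, which removes that
    false positive at the cost of missing renamed or versioned binaries.
    """
    hits = []
    for name in process_names:
        stem = _stem(name)
        for marker in markers:
            matched = (stem == marker) if exact else (marker in stem)
            if matched:
                hits.append((name, marker))
                break  # one hit per process is enough
    return hits


def is_being_analyzed(process_names, exact=False):
    """Boolean form of the check, mirroring the post's 1/0 return value."""
    return bool(find_analysis_tools(process_names, exact=exact))


def running_process_names():
    """Collect live process names via psutil; return [] if psutil is unavailable.

    process_iter(attrs=[...]) already skips processes that exit mid-iteration and
    fills in None for attributes it is denied access to, so no per-process
    try/except is needed here.
    """
    try:
        import psutil
    except ImportError:
        return []
    return [proc.info.get("name") or "" for proc in psutil.process_iter(attrs=["name"])]


# Constructed sample of process names, standing in for a live process list.
SAMPLE_PROCESSES = [
    "explorer.exe", "x64dbg.exe", "IDA64.exe", "idaho_app.exe",
    "notepad.exe", "Wireshark.exe", "svchost.exe",
]

if __name__ == "__main__":
    print("substring:", find_analysis_tools(SAMPLE_PROCESSES))
    print("exact:    ", find_analysis_tools(SAMPLE_PROCESSES, exact=True))
    print("live:     ", find_analysis_tools(running_process_names()))
```

On the constructed sample, substring mode flags x64dbg.exe, IDA64.exe, Wireshark.exe and the unrelated idaho_app.exe; exact mode keeps the first three and drops the false positive, but it would also miss a renamed copy of the debugger.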

Recently, though, I ran across a really cool site that lists out different types of malware evasion techniques, what part of the system each technique checks, and a lot more. It is called the “Unprotect Project”. So if anyone is interested in those types of things, I’d definitely go over there and check it out!