//Check if CPU temperature information is available
public Generic.SandboxRes checkAudio()
{
Generic.SandboxRes returnData = new Generic.SandboxRes(false, new List <Generic.SandboxTag>());
ManagementObjectSearcher searcher = new ManagementObjectSearcher("root\\WMI", "SELECT * FROM MSAcpi_ThermalZoneTemperature");
try
{
searcher.Get();
foreach (ManagementObject queryObj in searcher.Get())
{
double temp = Convert.ToDouble(queryObj["CurrentTemperature"].ToString());
double temp_cel = (temp / 10 - 273.15);
}
}
catch (Exception e)
{
//Console.WriteLine("[/] Error:" + e);
Generic.SandboxTag aux = new Generic.SandboxTag("CPU Temperature available", "False");
returnData.tagList.Add(aux);
}
if (returnData.tagList.Count > 0)
{
returnData.isSandbox = true;
}
return(returnData);
}
//Check if HDD Vendor ID has specific value
public Generic.SandboxRes checkHdVendor()
{
Generic.SandboxRes returnData = new Generic.SandboxRes(false, new List <Generic.SandboxTag>());
ManagementObjectSearcher moSearcher = new ManagementObjectSearcher("SELECT * FROM Win32_DiskDrive");
foreach (ManagementObject wmi_HD in moSearcher.Get())
{
try
{
//VMWare
if (wmi_HD["PNPDeviceID"].ToString().ToLower().Contains("vmware".ToLower()))
{
Generic.SandboxTag aux = new Generic.SandboxTag("VMWare", wmi_HD["PNPDeviceID"].ToString());
returnData.tagList.Add(aux);
}
//VirtualBox
if (wmi_HD["PNPDeviceID"].ToString().ToLower().Contains("VBOX".ToLower()))
{
Generic.SandboxTag aux = new Generic.SandboxTag("VirtualBox", wmi_HD["PNPDeviceID"].ToString());
returnData.tagList.Add(aux);
}
}
catch (Exception e)
{
//Console.WriteLine("[/] Error:" + e);
}
}
if (returnData.tagList.Count > 0)
{
returnData.isSandbox = true;
}
return(returnData);
}
//Check if particular registry keys contain specified strings
public Generic.SandboxRes checkKeyValue()
{
Generic.SandboxRes returnData = new Generic.SandboxRes(false, new List <Generic.SandboxTag>());
//VMWare
if (checkKey("HKLM", @"HARDWARE\DEVICEMAP\Scsi\Scsi Port 0\Scsi Bus 0\Target Id 0\Logical Unit Id 0", "Identifier", "VMWARE"))
{
Generic.SandboxTag aux = new Generic.SandboxTag("VMware", @"HKLM\HARDWARE\DEVICEMAP\Scsi\Scsi Port 0\Scsi Bus 0\Target Id 0\Logical Unit Id 0 : Identifier - VMWARE");
returnData.tagList.Add(aux);
}
if (checkKey("HKLM", @"HARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0", "Identifier", "VMWARE"))
{
Generic.SandboxTag aux = new Generic.SandboxTag("VMware", @"HKLM\HARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0 : Identifier - VMWARE");
returnData.tagList.Add(aux);
}
if (checkKey("HKLM", @"HARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0", "Identifier", "VMWARE"))
{
Generic.SandboxTag aux = new Generic.SandboxTag("VMware", @"HKLM\HARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0 : Identifier - VMWARE");
returnData.tagList.Add(aux);
}
if (checkKey("HKLM", @"HARDWARE\Description\System", "SystemBiosVersion", "VMWARE"))
{
Generic.SandboxTag aux = new Generic.SandboxTag("VMware", @"HKLM\HARDWARE\Description\System : SystemBiosVersion - VMWARE");
returnData.tagList.Add(aux);
}
if (checkKey("HKLM", @"HARDWARE\Description\System", "SystemBiosVersion", "INTEL - 6040000"))
{
Generic.SandboxTag aux = new Generic.SandboxTag("VMware", @"HKLM\HARDWARE\Description\System : SystemBiosVersion - INTEL - 6040000");
returnData.tagList.Add(aux);
}
if (checkKey("HKLM", @"HARDWARE\Description\System", "VideoBiosVersion", "VMWARE"))
{
Generic.SandboxTag aux = new Generic.SandboxTag("VMware", @"HKLM\HARDWARE\Description\System : VideoBiosVersion - VMWARE");
returnData.tagList.Add(aux);
}
if (checkKey("HKLM", @"HARDWARE\Description\System\BIOS", "SystemProductName", "VMWARE"))
{
Generic.SandboxTag aux = new Generic.SandboxTag("VMware", @"HKLM\HARDWARE\Description\System\BIOS : SystemProductName - VMWARE");
returnData.tagList.Add(aux);
}
if (checkKey("HKLM", @"SYSTEM\ControlSet001\Services\Disk\Enum", "0", "VMWARE"))
{
Generic.SandboxTag aux = new Generic.SandboxTag("VMware", @"HKLM\SYSTEM\ControlSet001\Services\Disk\Enum : 0 - VMWARE");
returnData.tagList.Add(aux);
}
if (checkKey("HKLM", @"SYSTEM\ControlSet001\Services\Disk\Enum", "1", "VMWARE"))
{
Generic.SandboxTag aux = new Generic.SandboxTag("VMware", @"HKLM\SYSTEM\ControlSet001\Services\Disk\Enum : 1 - VMWARE");
returnData.tagList.Add(aux);
}
if (checkKey("HKLM", @"SYSTEM\ControlSet001\Services\Disk\Enum", "DeviceDesc", "VMWARE"))
{
Generic.SandboxTag aux = new Generic.SandboxTag("VMware", @"HKLM\SYSTEM\ControlSet001\Services\Disk\Enum : DeviceDesc - VMWARE");
returnData.tagList.Add(aux);
}
if (checkKey("HKLM", @"SYSTEM\ControlSet001\Services\Disk\Enum", "FriendlyName", "VMWARE"))
{
Generic.SandboxTag aux = new Generic.SandboxTag("VMware", @"HKLM\SYSTEM\ControlSet001\Services\Disk\Enum : FriendlyName - VMWARE");
returnData.tagList.Add(aux);
}
if (checkKey("HKLM", @"SYSTEM\ControlSet001\Services\Disk\Enum", "DeviceDesc", "VMWARE"))
{
Generic.SandboxTag aux = new Generic.SandboxTag("VMware", @"HKLM\SYSTEM\ControlSet001\Services\Disk\Enum : DeviceDesc - VMWARE");
returnData.tagList.Add(aux);
}
if (checkKey("HKLM", @"SYSTEM\ControlSet002\Services\Disk\Enum", "FriendlyName", "VMWARE"))
{
Generic.SandboxTag aux = new Generic.SandboxTag("VMware", @"HKLM\SYSTEM\ControlSet002\Services\Disk\Enum : FriendlyName - VMWARE");
returnData.tagList.Add(aux);
}
if (checkKey("HKLM", @"SYSTEM\ControlSet002\Services\Disk\Enum", "DeviceDesc", "VMWARE"))
{
Generic.SandboxTag aux = new Generic.SandboxTag("VMware", @"HKLM\SYSTEM\ControlSet002\Services\Disk\Enum : DeviceDesc - VMWARE");
returnData.tagList.Add(aux);
}
if (checkKey("HKLM", @"SYSTEM\ControlSet003\Services\Disk\Enum", "FriendlyName", "VMWARE"))
{
Generic.SandboxTag aux = new Generic.SandboxTag("VMware", @"HKLM\SYSTEM\ControlSet003\Services\Disk\Enum : FriendlyName - VMWARE");
returnData.tagList.Add(aux);
}
if (checkKey("HKLM", @"SYSTEM\ControlSet003\Services\Disk\Enum", "DeviceDesc", "VMWARE"))
{
Generic.SandboxTag aux = new Generic.SandboxTag("VMware", @"HKLM\SYSTEM\ControlSet003\Services\Disk\Enum : DeviceDesc - VMWARE");
returnData.tagList.Add(aux);
}
if (checkKey("HKCR", @"Installer\Products", "ProductName", "vmware tools"))
{
Generic.SandboxTag aux = new Generic.SandboxTag("VMware", @"HKCR\Installer\Products : ProductName - vmware tools");
returnData.tagList.Add(aux);
}
if (checkKey("HKCU", @"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall", "DisplayName", "vmware tools"))
{
Generic.SandboxTag aux = new Generic.SandboxTag("VMware", @"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall : DisplayName - vmware tools");
returnData.tagList.Add(aux);
}
if (checkKey("HKLM", @"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall", "DisplayName", "vmware tools"))
{
Generic.SandboxTag aux = new Generic.SandboxTag("VMware", @"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall : DisplayName - vmware tools");
returnData.tagList.Add(aux);
}
if (checkKey("HKLM", @"SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000", "CoInstallers32", "vmx"))
{
Generic.SandboxTag aux = new Generic.SandboxTag("VMware", @"HKLM\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000 : CoInstallers32 - vmx");
returnData.tagList.Add(aux);
}
if (checkKey("HKLM", @"SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000", "DriverDesc", "VMware"))
{
Generic.SandboxTag aux = new Generic.SandboxTag("VMware", @"HKLM\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000 : DriverDesc - VMware");
returnData.tagList.Add(aux);
}
if (checkKey("HKLM", @"SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000", "InfSection", "vmx"))
{
Generic.SandboxTag aux = new Generic.SandboxTag("VMware", @"HKLM\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000 : InfSection - vmx");
returnData.tagList.Add(aux);
}
if (checkKey("HKLM", @"SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000", "ProviderName", "VMware"))
{
Generic.SandboxTag aux = new Generic.SandboxTag("VMware", @"HKLM\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000 : ProviderName - VMware");
returnData.tagList.Add(aux);
}
if (checkKey("HKLM", @"SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000", "Device Description", "VMware"))
{
Generic.SandboxTag aux = new Generic.SandboxTag("VMware", @"HKLM\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000 : Device Description - VMware");
returnData.tagList.Add(aux);
}
if (checkKey("HKLM", @"SYSTEM\CurrentControlSet\Control\SystemInformation", "SystemProductName", "VMWARE"))
{
Generic.SandboxTag aux = new Generic.SandboxTag("VMware", @"HKLM\SYSTEM\CurrentControlSet\Control\SystemInformation : SystemProductName - VMWARE");
returnData.tagList.Add(aux);
}
RegistryKey regMachine = Registry.LocalMachine.OpenSubKey(@"SYSTEM\CurrentControlSet\Control\Video", false);
string[] valueNames = regMachine.GetSubKeyNames();
foreach (string entry in valueNames)
{
if (checkKey("HKLM", @"SYSTEM\CurrentControlSet\Control\Video\" + entry + @"\Video", "Service", "vm3dmp"))
{
Generic.SandboxTag aux = new Generic.SandboxTag("VMware", @"HKLM\SYSTEM\CurrentControlSet\Control\Video\" + entry + @"\Video : Service - vm3dmp");
returnData.tagList.Add(aux);
}
if (checkKey("HKLM", @"SYSTEM\CurrentControlSet\Control\Video\" + entry + @"\Video", "Service", "vmx_svga"))
{
Generic.SandboxTag aux = new Generic.SandboxTag("VMware", @"HKLM\SYSTEM\CurrentControlSet\Control\Video\" + entry + @"\Video : Service - vmx_svga");
returnData.tagList.Add(aux);
}
if (checkKey("HKLM", @"SYSTEM\CurrentControlSet\Control\Video\" + entry + @"\0000", "Device Description", "VMware SVGA"))
{
Generic.SandboxTag aux = new Generic.SandboxTag("VMware", @"HKLM\SYSTEM\CurrentControlSet\Control\Video\" + entry + @"\0000 : Device Description - VMware SVGA");
returnData.tagList.Add(aux);
}
}
//Xen
if (checkKey("HKLM", @"HARDWARE\Description\System\BIOS", "SystemProductName", "Xen"))
{
Generic.SandboxTag aux = new Generic.SandboxTag("Xen", @"HKLM\HARDWARE\Description\System\BIOS : SystemProductName - Xen");
returnData.tagList.Add(aux);
}
//General
if (checkKey("HKLM", @"HARDWARE\Description\System\BIOS", "SystemProductName", "A M I"))
{
Generic.SandboxTag aux = new Generic.SandboxTag("General", @"HKLM\HARDWARE\Description\System\BIOS : SystemProductName - A M I");
returnData.tagList.Add(aux);
}
if (checkKey("HKLM", @"HARDWARE\Description\System", "SystemBiosDate", "06/23/99"))
{
Generic.SandboxTag aux = new Generic.SandboxTag("General", @"HKLM\HARDWARE\Description\System : SystemBiosDate - 06/23/99");
returnData.tagList.Add(aux);
}
//BOCHS
if (checkKey("HKLM", @"HARDWARE\Description\System", "SystemBiosVersion", "BOCHS"))
{
Generic.SandboxTag aux = new Generic.SandboxTag("BOCHS", @"HKLM\HARDWARE\Description\System : SystemBiosVersion - BOCHS");
returnData.tagList.Add(aux);
}
if (checkKey("HKLM", @"HARDWARE\Description\System", "VideoBiosVersion", "BOCHS"))
{
Generic.SandboxTag aux = new Generic.SandboxTag("BOCHS", @"HKLM\HARDWARE\Description\System : VideoBiosVersion - BOCHS");
returnData.tagList.Add(aux);
}
//Anubis
if (checkKey("HKLM", @"SOFTWARE\Microsoft\Windows\CurrentVersion", "ProductID", "76487-337-8429955-22614"))
{
Generic.SandboxTag aux = new Generic.SandboxTag("Anubis", @"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion : ProductID - 76487-337-8429955-22614");
returnData.tagList.Add(aux);
}
if (checkKey("HKLM", @"SOFTWARE\Microsoft\Windows NT\CurrentVersion", "ProductID", "76487-337-8429955-22614"))
{
Generic.SandboxTag aux = new Generic.SandboxTag("Anubis", @"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion : ProductID - 76487-337-8429955-22614");
returnData.tagList.Add(aux);
}
//CwSandbox
if (checkKey("HKLM", @"SOFTWARE\Microsoft\Windows\CurrentVersion", "ProductID", "76487-644-3177037-23510"))
{
Generic.SandboxTag aux = new Generic.SandboxTag("CwSandbox", @"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion : ProductID - 76487-644-3177037-23510");
returnData.tagList.Add(aux);
}
if (checkKey("HKLM", @"SOFTWARE\Microsoft\Windows NT\CurrentVersion", "ProductID", "76487-644-3177037-23510"))
{
Generic.SandboxTag aux = new Generic.SandboxTag("CwSandbox", @"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion : ProductID - 76487-644-3177037-23510");
returnData.tagList.Add(aux);
}
//JoeBox
if (checkKey("HKLM", @"SOFTWARE\Microsoft\Windows\CurrentVersion", "ProductID", "55274-640-2673064-23950"))
{
Generic.SandboxTag aux = new Generic.SandboxTag("CwSandbox", @"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion : ProductID - 55274-640-2673064-23950");
returnData.tagList.Add(aux);
}
if (checkKey("HKLM", @"SOFTWARE\Microsoft\Windows NT\CurrentVersion", "ProductID", "55274-640-2673064-23950"))
{
Generic.SandboxTag aux = new Generic.SandboxTag("CwSandbox", @"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion : ProductID - 55274-640-2673064-23950");
returnData.tagList.Add(aux);
}
//Parallels
if (checkKey("HKLM", @"HARDWARE\Description\System", "SystemBiosVersion", "PARALLELS"))
{
Generic.SandboxTag aux = new Generic.SandboxTag("Parallels", @"HKLM\HARDWARE\Description\System : SystemBiosVersion - PARALLELS");
returnData.tagList.Add(aux);
}
if (checkKey("HKLM", @"HARDWARE\Description\System", "VideoBiosVersion", "PARALLELS"))
{
Generic.SandboxTag aux = new Generic.SandboxTag("Parallels", @"HKLM\HARDWARE\Description\System : VideoBiosVersion - PARALLELS");
returnData.tagList.Add(aux);
}
//QEMU
if (checkKey("HKLM", @"HARDWARE\DEVICEMAP\Scsi\Scsi Port 0\Scsi Bus 0\Target Id 0\Logical Unit Id 0", "Identifier", "QEMU"))
{
Generic.SandboxTag aux = new Generic.SandboxTag("QEMU", @"HKLM\HARDWARE\DEVICEMAP\Scsi\Scsi Port 0\Scsi Bus 0\Target Id 0\Logical Unit Id 0 : Identifier - QEMU");
returnData.tagList.Add(aux);
}
if (checkKey("HKLM", @"HARDWARE\Description\System", "SystemBiosVersion", "QEMU"))
{
Generic.SandboxTag aux = new Generic.SandboxTag("QEMU", @"HKLM\HKLM\HARDWARE\Description\System : SystemBiosVersion - QEMU");
returnData.tagList.Add(aux);
}
if (checkKey("HKLM", @"HARDWARE\Description\System", "VideoBiosVersion", "QEMU"))
{
Generic.SandboxTag aux = new Generic.SandboxTag("QEMU", @"HKLM\HARDWARE\Description\System : VideoBiosVersion - QEMU");
returnData.tagList.Add(aux);
}
if (checkKey("HKLM", @"HARDWARE\Description\System\BIOS ", "SystemManufacturer", "QEMU"))
{
Generic.SandboxTag aux = new Generic.SandboxTag("QEMU", @"HKLM\HARDWARE\Description\System\BIOS : VideoBiosVersion - QEMU");
returnData.tagList.Add(aux);
}
//VirtualBox
if (checkKey("HKLM", @"HARDWARE\DEVICEMAP\Scsi\Scsi Port 0\Scsi Bus 0\Target Id 0\Logical Unit Id 0", "Identifier", "VBOX"))
{
Generic.SandboxTag aux = new Generic.SandboxTag("VirtualBox", @"HKLM\HARDWARE\DEVICEMAP\Scsi\Scsi Port 0\Scsi Bus 0\Target Id 0\Logical Unit Id 0: Identifier - VBOX");
returnData.tagList.Add(aux);
}
if (checkKey("HKLM", @"HARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0", "Identifier", "VBOX"))
{
Generic.SandboxTag aux = new Generic.SandboxTag("VirtualBox", @"HKLM\HARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0: Identifier - VBOX");
returnData.tagList.Add(aux);
}
if (checkKey("HKLM", @"HARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0", "Identifier", "VBOX"))
{
Generic.SandboxTag aux = new Generic.SandboxTag("VirtualBox", @"HKLM\HARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0: Identifier - VBOX");
returnData.tagList.Add(aux);
}
if (checkKey("HKLM", @"HARDWARE\Description\System", "SystemBiosVersion", "VBOX"))
{
Generic.SandboxTag aux = new Generic.SandboxTag("VirtualBox", @"HKLM\HARDWARE\Description\System: SystemBiosVersion - VBOX");
returnData.tagList.Add(aux);
}
if (checkKey("HKLM", @"HARDWARE\Description\System", "VideoBiosVersion", "VIRTUALBOX"))
{
Generic.SandboxTag aux = new Generic.SandboxTag("VirtualBox", @"HKLM\HARDWARE\Description\System: VideoBiosVersion - VIRTUALBOX");
returnData.tagList.Add(aux);
}
if (checkKey("HKLM", @"HARDWARE\Description\System\BIOS", "SystemProductName", "VIRTUAL"))
{
Generic.SandboxTag aux = new Generic.SandboxTag("VirtualBox", @"HKLM\HARDWARE\Description\System\BIOS: SystemProductName - VIRTUAL");
returnData.tagList.Add(aux);
}
if (checkKey("HKLM", @"SYSTEM\ControlSet001\Services\Disk\Enum", "DeviceDesc", "VBOX"))
{
Generic.SandboxTag aux = new Generic.SandboxTag("VirtualBox", @"HKLM\SYSTEM\ControlSet001\Services\Disk\Enum: DeviceDesc - VBOX");
returnData.tagList.Add(aux);
}
if (checkKey("HKLM", @"SYSTEM\ControlSet001\Services\Disk\Enum", "FriendlyName", "VBOX"))
{
Generic.SandboxTag aux = new Generic.SandboxTag("VirtualBox", @"HKLM\SYSTEM\ControlSet001\Services\Disk\Enum: FriendlyName - VBOX");
returnData.tagList.Add(aux);
}
if (checkKey("HKLM", @"SYSTEM\ControlSet002\Services\Disk\Enum", "DeviceDesc", "VBOX"))
{
Generic.SandboxTag aux = new Generic.SandboxTag("VirtualBox", @"HKLM\SYSTEM\ControlSet002\Services\Disk\Enum: DeviceDesc - VBOX");
returnData.tagList.Add(aux);
}
if (checkKey("HKLM", @"SYSTEM\ControlSet002\Services\Disk\Enum", "FriendlyName", "VBOX"))
{
Generic.SandboxTag aux = new Generic.SandboxTag("VirtualBox", @"HKLM\SYSTEM\ControlSet002\Services\Disk\Enum: FriendlyName - VBOX");
returnData.tagList.Add(aux);
}
if (checkKey("HKLM", @"SYSTEM\ControlSet003\Services\Disk\Enum", "DeviceDesc", "VBOX"))
{
Generic.SandboxTag aux = new Generic.SandboxTag("VirtualBox", @"HKLM\SYSTEM\ControlSet003\Services\Disk\Enum: DeviceDesc - VBOX");
returnData.tagList.Add(aux);
}
if (checkKey("HKLM", @"SYSTEM\ControlSet003\Services\Disk\Enum", "FriendlyName", "VBOX"))
{
Generic.SandboxTag aux = new Generic.SandboxTag("VirtualBox", @"HKLM\SYSTEM\ControlSet003\Services\Disk\Enum: FriendlyName - VBOX");
returnData.tagList.Add(aux);
}
if (checkKey("HKLM", @"SYSTEM\CurrentControlSet\Control\SystemInformation", "SystemProductName", "VIRTUAL"))
{
Generic.SandboxTag aux = new Generic.SandboxTag("VirtualBox", @"HKLM\SYSTEM\CurrentControlSet\Control\SystemInformation: SystemProductName - VIRTUAL");
returnData.tagList.Add(aux);
}
if (checkKey("HKLM", @"SYSTEM\CurrentControlSet\Control\SystemInformation", "SystemProductName", "VIRTUALBOX"))
{
Generic.SandboxTag aux = new Generic.SandboxTag("VirtualBox", @"HKLM\SYSTEM\CurrentControlSet\Control\SystemInformation: SystemProductName - VIRTUALBOX");
returnData.tagList.Add(aux);
}
if (returnData.tagList.Count > 0)
{
returnData.isSandbox = true;
}
return(returnData);
}
//Check if particular registry paths exist
public Generic.SandboxRes checkPath()
{
Generic.SandboxRes returnData = new Generic.SandboxRes(false, new List <Generic.SandboxTag>());
//VMware
try
{
RegistryKey regUser = Registry.CurrentUser.OpenSubKey(@"SOFTWARE\VMware, Inc.\VMware Tools", false);
if (regUser != null)
{
Generic.SandboxTag aux = new Generic.SandboxTag("VMware", @"HKCU\SOFTWARE\VMware, Inc.\VMware Tools");
returnData.tagList.Add(aux);
}
}
catch (Exception e)
{
//Console.WriteLine("[/] Error:" + e);
}
string[] list1 = { @"SOFTWARE\VMware, Inc.\VMware Tools", @"SYSTEM\ControlSet001\Services\vmdebug", @"SYSTEM\ControlSet001\Services\vmmouse", @"SYSTEM\ControlSet001\Services\VMTools", @"SYSTEM\ControlSet001\Services\VMMEMCTL", @"SYSTEM\ControlSet001\Services\vmware", @"SYSTEM\ControlSet001\Services\vmci", @"SYSTEM\ControlSet001\Services\vmx86" };
foreach (string s in list1)
{
try
{
RegistryKey regMachine = Registry.LocalMachine.OpenSubKey(s, false);
if (regMachine != null)
{
Generic.SandboxTag aux = new Generic.SandboxTag("VMware", "HKLM\\" + s);
returnData.tagList.Add(aux);
}
}
catch (Exception e)
{
//Console.WriteLine("[/] Error:" + e);
}
}
//General
try
{
RegistryKey regMachine = Registry.LocalMachine.OpenSubKey(@"Software\Classes\Folder\shell\sandbox", false);
if (regMachine != null)
{
Generic.SandboxTag aux = new Generic.SandboxTag("General", @"HKLM\Software\Classes\Folder\shell\sandbox");
returnData.tagList.Add(aux);
}
}
catch (Exception e)
{
//Console.WriteLine("[/] Error:" + e);
}
//Hyper-V
string[] list2 = { @"SOFTWARE\Microsoft\Hyper-V", @"SOFTWARE\Microsoft\VirtualMachine", @"SOFTWARE\Microsoft\Virtual Machine\Guest\Parameters", @"SYSTEM\ControlSet001\Services\vmicheartbeat", @"SYSTEM\ControlSet001\Services\vmicvss", @"SYSTEM\ControlSet001\Services\vmicshutdown", @"SYSTEM\ControlSet001\Services\vmicexchange" };
foreach (string s in list2)
{
try
{
RegistryKey regMachine = Registry.LocalMachine.OpenSubKey(s, false);
if (regMachine != null)
{
Generic.SandboxTag aux = new Generic.SandboxTag("Hyper-V", "HKLM\\" + s);
returnData.tagList.Add(aux);
}
}
catch (Exception e)
{
//Console.WriteLine("[/] Error:" + e);
}
}
//Sandboxie
string[] list3 = { @"SYSTEM\CurrentControlSet\Services\SbieDrv", @"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sandboxie" };
foreach (string s in list3)
{
try
{
RegistryKey regMachine = Registry.LocalMachine.OpenSubKey(s, false);
if (regMachine != null)
{
Generic.SandboxTag aux = new Generic.SandboxTag("Sandboxie", "HKLM\\" + s);
returnData.tagList.Add(aux);
}
}
catch (Exception e)
{
//Console.WriteLine("[/] Error:" + e);
}
}
//VirtualBox
string[] list4 = { @"HARDWARE\ACPI\DSDT\VBOX__", @"HARDWARE\ACPI\FADT\VBOX__", @"HARDWARE\ACPI\RSDT\VBOX__", @"SOFTWARE\Oracle\VirtualBox Guest Additions", @"SYSTEM\ControlSet001\Services\VBoxGuest", @"SYSTEM\ControlSet001\Services\VBoxMouse", @"SYSTEM\ControlSet001\Services\VBoxService", @"SYSTEM\ControlSet001\Services\VBoxSF", @"SYSTEM\ControlSet001\Services\VBoxVideo" };
foreach (string s in list4)
{
try
{
RegistryKey regMachine = Registry.LocalMachine.OpenSubKey(s, false);
if (regMachine != null)
{
Generic.SandboxTag aux = new Generic.SandboxTag("VirtualBox", "HKLM\\" + s);
returnData.tagList.Add(aux);
}
}
catch (Exception e)
{
//Console.WriteLine("[/] Error:" + e);
}
}
//VirtualPC
string[] list5 = { @"SYSTEM\ControlSet001\Services\vpcbus", @"SYSTEM\ControlSet001\Services\vpc-s3", @"SYSTEM\ControlSet001\Services\vpcuhub", @"SYSTEM\ControlSet001\Services\msvmmouf" };
foreach (string s in list5)
{
try
{
RegistryKey regMachine = Registry.LocalMachine.OpenSubKey(s, false);
if (regMachine != null)
{
Generic.SandboxTag aux = new Generic.SandboxTag("VirtualPC", "HKLM\\" + s);
returnData.tagList.Add(aux);
}
}
catch (Exception e)
{
//Console.WriteLine("[/] Error:" + e);
}
}
//Xen
string[] list6 = { @"HARDWARE\ACPI\DSDT\xen", @"HARDWARE\ACPI\FADT\xen", @"HARDWARE\ACPI\RSDT\xen", @"SYSTEM\ControlSet001\Services\xenevtchn", @"SYSTEM\ControlSet001\Services\xennet", @"SYSTEM\ControlSet001\Services\xennet6", @"SYSTEM\ControlSet001\Services\xensvc", @"SYSTEM\ControlSet001\Services\xenvdb" };
foreach (string s in list6)
{
try
{
RegistryKey regMachine = Registry.LocalMachine.OpenSubKey(s, false);
if (regMachine != null)
{
Generic.SandboxTag aux = new Generic.SandboxTag("Xen", "HKLM\\" + s);
returnData.tagList.Add(aux);
}
}
catch (Exception e)
{
//Console.WriteLine("[/] Error:" + e);
}
}
//Wine
try
{
RegistryKey regUser = Registry.CurrentUser.OpenSubKey(@"SOFTWARE\Wine", false);
if (regUser != null)
{
Generic.SandboxTag aux = new Generic.SandboxTag("Wine", @"SOFTWARE\Wine");
returnData.tagList.Add(aux);
}
}
catch (Exception e)
{
//Console.WriteLine("[/] Error:" + e);
}
try
{
RegistryKey regMachine = Registry.LocalMachine.OpenSubKey(@"SOFTWARE\Wine", false);
if (regMachine != null)
{
Generic.SandboxTag aux = new Generic.SandboxTag("Wine", @"SOFTWARE\Wine");
returnData.tagList.Add(aux);
}
}
catch (Exception e)
{
//Console.WriteLine("[/] Error:" + e);
}
if (returnData.tagList.Count > 0)
{
returnData.isSandbox = true;
}
return(returnData);
}
