RocProtect - tool to protect against malware aware of Analysis Machine.

Malware can sometimes detect a virtual environment in order to avoid analysis and detection. RocProtect is a quick and dirty PoC that emulates virtual machine artifacts on a physical machine.

RocProtect

Portable Binary Structure:
+ mt.exe: tool for Windows manifest analysis
+ RockProtect.exe: tool for generating fake registry entries, folders, etc.
+ FakeAp.exe: example AP.

Manifest Tool

Supported systems:
– Currently supports x86 Windows machines.

Download: RocProtect.zip
Source: https://github.com/fr0gger