A tool to detect and crash Cuckoo Sandbox
Anticuckoo can also detect other sandboxes, such as FireEye (-c2):
The overkill methods can be useful. For example, using the overkill methods you get two features in one: detection/crash and "a kind of Sleep" (Cuckoomon bypasses long Sleep calls).
The crash PoCs are only a demonstration. Real malware can use this code to detect Cuckoo without crashing it, e.g. by only checking the exception, esp, etc. and afterwards running useless code.
Submit Release/anticuckoo.exe for analysis in Cuckoo Sandbox. Check the screenshots (console output). You can also check Accessed Files in the Summary:
Accessed Files in Summary (django web):
Specify the crash argument in the submit options, e.g. -c1 (via django web):
Then check Screenshots/connect via RDP/whatson connection to verify the crash. E.g. -c1 via RDP:
New ideas & PRs are welcome.