If you think an application is suspicious, then you might run it in a sandbox or virtual machine, and monitor what it does. If nothing happens then that means it's safe, right?
Well, maybe not. Malware will often try to detect whether it's running in a virtual machine, and if that's the case, avoid doing anything harmful.
Paranoid Fish is a tiny open-source tool which uses various tricks to see if it's running in a VM, giving you an idea of whether malware could do the same.
Launch pafish.exe in your testing environment and the program opens a command window and begins running its checks. These can sometimes take a while - it may appear to hang for 3 or 4 minutes - but the individual test names and results are displayed as the program works.
Some of these test names are relatively easy for experienced users to understand (Debuggers Detection, Checking hypervisor bit in cpuid feature bits), others are more complex (Checking function ShellExecuteExW method 1), but you don't have to understand every detail. Just look at the verdict after each test: a green "OK" means that check didn't detect the analysis environment, while a red "traced" means it did. And malware could, too.
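To keep a record of which checks came back "traced" while tuning a sandbox, the console output can be saved to a file and summarised. This is an added example, not part of the original review or of Paranoid Fish itself; the `[-]` section / `[*]` check line layout and the sample lines are constructed assumptions, and only the OK/traced verdicts and the test names quoted above come from the article.

```python
import re
from collections import defaultdict

# Constructed sample of a captured run (e.g. pafish.exe > run.txt). The
# "[-] section" / "[*] check ... verdict" layout is an assumption; adjust
# the two patterns below if your build prints its results differently.
SAMPLE = """\
[-] Debuggers Detection
[*] Using IsDebuggerPresent() ... OK
[-] CPU information based detections
[*] Checking hypervisor bit in cpuid feature bits ... traced!
[-] Hooks detection
[*] Checking function ShellExecuteExW method 1 ... OK
[*] Checking function CreateProcessA method 1 ... traced!
"""

SECTION = re.compile(r"^\[-\]\s*(?P<name>.+?)\s*$")
CHECK = re.compile(
    r"^\[\*\]\s*(?P<name>.+?)\s*\.\.\.\s*(?P<verdict>OK|traced!?)\s*$", re.I)

def summarise(text):
    """Return ({section: [names of traced checks]}, total checks parsed)."""
    traced = defaultdict(list)
    section, total = "(no section)", 0
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            section = m.group("name")
            continue
        m = CHECK.match(line)
        if not m:
            continue  # banner, blank or unrecognised line: ignore
        total += 1
        if m.group("verdict").lower().startswith("traced"):
            traced[section].append(m.group("name"))
    return dict(traced), total

def report(text):
    """Build a short list of the environment artefacts still visible."""
    traced, total = summarise(text)
    hits = sum(len(names) for names in traced.values())
    lines = [f"{hits} of {total} checks identified the analysis environment"]
    for section, names in traced.items():
        lines.append(f"{section}:")
        lines.extend(f"  - {name}" for name in names)
    return "\n".join(lines)

if __name__ == "__main__":
    print(report(SAMPLE))
```

Re-running the summary after each change to the VM configuration shows whether a given artefact has actually been hidden.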
v058
- Bugfix release
- Fix "LocalFree after advanced list" #49
- Fix typo
- Add Wpedantic
Verdict:
Paranoid Fish is a handy tool for anyone who regularly uses debuggers/VMs/sandboxes to analyse program behaviour. Go fetch a copy right now.