Zerowine: Dumping malware and detection of antivm and antidebug
I released a new version of Zerowine, a QEmu+Wine based malware auto-analysis tool. In this version I added support to dump the malware from memory while running. The dumps can also be downloaded for later analysis with IDA Pro.
The other feature I added is the ability to detect both anti-debugging and anti-vm techniques. The detection of anti-debugging techniques is done by analyzing the APIs called by the malware while the anti-vm detection is done by looking for patterns in both the packed version of the malware (the original one) and the unpacked (memory dump) version of the malware.
Update: I fixed the issue with the corrupted image. I uploaded a new working one and the MD5Sum.