Greetings, I would like to raise a very important topic, namely, creating a machine for working with minimal investment and as high efficiency as possible. Our goal is not to create a fake agent on top of our own and hide possible leaks, but to create a good, high-quality, new identity. (Our virtual machine is at least required to pass the Pafish test, as in the vaunted anti-detection)
We will build our machine on VirtualBox. After installation, we need to configure it.
Step 1. Install VirtualBox
-Download VirtualBox from the official website (https://www.virtualbox.org/wiki/Downloads)
- Perform a clean install of the latest version of VirtualBox.
Clean Tool - You must first remove any other versions of VirtualBox and restart Windows to complete the removal. This ensures that old VirtualBox files are not left in system memory or on disk. Unfortunately, the VirtualBox installation sometimes fails to perform a full uninstall without a reboot, so reboot after the uninstall.
- Start the installation and select the VirtualBox components to install, as shown in the image below.
Step 2. Creating a VM with the necessary configuration
In this example, we install and configure VirtualBox on a x64 PC with the full Windows 8.1 patch.
Create a new VM (in this example, it will be called "vm0", you can name it as you like) and configure it as follows:
Note: 2048 MB is optional, you can change or decrease this value as you see fit.
Configuring a virtual disk
Note. 64 GB is not a requirement and is only used as an example, but again, some unconvincing malware attempts to detect a VM by the size of the hard disk, so please specify a reasonable size (> 32 GB).
After creating a VM (in our case vm0), open its configuration and make some changes.
System
On the "Motherboard" tab, make sure that APIC I / O is enabled. If you plan to use EFI, please read Appendix A: Using EFI VM.
On the Processor tab, make sure that PAE / NX is enabled. Also note that your VM must have at least TWO CPUs, because again the number of CPUs used by malware to determine the execution of the VM. So give the VM at least two CPUs.
On the Acceleration tab, set the paravirtualization interface to "Legacy" and enable VT-x / Nested Paging. The default paravirtualization interface allows a VM to detect the VirtualBox hypervisor by the "hypervisor presence bit" and the hypervisor name using the cpuid instruction. Switching the paravirtualization interface to "Legacy" effectively disables these vm-detect-friendly malware programs.
Display
On the "Screen" tab, disable 3D / 2D acceleration
Memory
storage configuration will look like
You can use the IDE controller instead of SATA, but we will assume that next time you will use SATA by default.
Network
Enable NAT for the VM so that you can use FTP-like programs to communicate with it, and the machine has access to the Internet (if you have one)
After all the settings are set, click OK.
Now it's time to disguise our VM. Close VirtualBox and save the repository developed for this purpose (https://github.com/hfiref0x/VBoxHardenedLoader/tree/master/Binary), to any place convenient for you, I will have it "C:\VBoxLdr". Go to the folder we downloaded and open data \ hidevm_ahci. cmd using Notepad.
We will need to change 2 lines.
set vmscfgdir=C:\VBoxLdr\data\ (The second line is the storage location of the hidevm_ahci.cmd file, in my case I changed it from D: \ Virtual\VBOX\Settings
\ → C:\VBoxLdr\data)
after the changes, save the file and open the command prompt (Win+R, then write cmd in the window that opens). Go to the folder C:\VBoxLdr\data (cd C:\VBoxLdr\data) and run the hidevm_ahci file.cmd
Note: If you have VirtualBox open, close it.
After completing the program, we write (cd C:\VBoxLdr) and run the file loader.exe.
Note: the file loader.exe you need to run it after each reboot of the computer.
After the program is finished, it can close the command prompt and start our VM.
We need to install Windows, it is very important to install the American or European version (In any case, do not install repacks with Russian language support). Such good stuff is full in American and European torrent boards and so on.
If you did everything correctly and your VM starts up, then go to the Internet and download the Pafish test (https://github.com/a0rtega/pafish)
We should have as many possible compliments as possible, and as few failed ones as possible)))
Now let's put together our set of tools to work with:
1. Ccleaner Premium
2. BleachBit
3. Technitium MAC Address Changer
4. ProxyFire
Next, it's a small matter, Change the MAC address, completely clean the VM, configure the ProxyFire bundle and also with its help, close WebRTC to yourself, and do not worry about possible leaks. I also advise you to put 2 browsers, for example Fox (for mail, proxy checking, and so on. and so on) + Google (working). As a result, we get Almost free ( you only need to buy a proxy) and a fairly high-quality machine that perfectly masks virtualization tools, and for most fraud, we are an ordinary buyer sitting from a home computer Somewhere in Florida.
(Note: don't forget the search engine due to the fact that tools you probably downloaded without proxy and VPN, you will automatically get up some sort of Yandex and so on, is completely unacceptable in my opinion is well suited Yahoo or Google)
We will build our machine on VirtualBox. After installation, we need to configure it.
Step 1. Install VirtualBox
-Download VirtualBox from the official website (https://www.virtualbox.org/wiki/Downloads)
- Perform a clean install of the latest version of VirtualBox.
Clean Tool - You must first remove any other versions of VirtualBox and restart Windows to complete the removal. This ensures that old VirtualBox files are not left in system memory or on disk. Unfortunately, the VirtualBox installation sometimes fails to perform a full uninstall without a reboot, so reboot after the uninstall.
- Start the installation and select the VirtualBox components to install, as shown in the image below.
Step 2. Creating a VM with the necessary configuration
In this example, we install and configure VirtualBox on a x64 PC with the full Windows 8.1 patch.
Create a new VM (in this example, it will be called "vm0", you can name it as you like) and configure it as follows:
Note: 2048 MB is optional, you can change or decrease this value as you see fit.
Configuring a virtual disk
Note. 64 GB is not a requirement and is only used as an example, but again, some unconvincing malware attempts to detect a VM by the size of the hard disk, so please specify a reasonable size (> 32 GB).
After creating a VM (in our case vm0), open its configuration and make some changes.
System
On the "Motherboard" tab, make sure that APIC I / O is enabled. If you plan to use EFI, please read Appendix A: Using EFI VM.
On the Processor tab, make sure that PAE / NX is enabled. Also note that your VM must have at least TWO CPUs, because again the number of CPUs used by malware to determine the execution of the VM. So give the VM at least two CPUs.
On the Acceleration tab, set the paravirtualization interface to "Legacy" and enable VT-x / Nested Paging. The default paravirtualization interface allows a VM to detect the VirtualBox hypervisor by the "hypervisor presence bit" and the hypervisor name using the cpuid instruction. Switching the paravirtualization interface to "Legacy" effectively disables these vm-detect-friendly malware programs.
Display
On the "Screen" tab, disable 3D / 2D acceleration
Memory
storage configuration will look like
You can use the IDE controller instead of SATA, but we will assume that next time you will use SATA by default.
Network
Enable NAT for the VM so that you can use FTP-like programs to communicate with it, and the machine has access to the Internet (if you have one)
After all the settings are set, click OK.
Now it's time to disguise our VM. Close VirtualBox and save the repository developed for this purpose (https://github.com/hfiref0x/VBoxHardenedLoader/tree/master/Binary), to any place convenient for you, I will have it "C:\VBoxLdr". Go to the folder we downloaded and open data \ hidevm_ahci. cmd using Notepad.
We will need to change 2 lines.
set vmscfgdir=C:\VBoxLdr\data\ (The second line is the storage location of the hidevm_ahci.cmd file, in my case I changed it from D: \ Virtual\VBOX\Settings
\ → C:\VBoxLdr\data)
after the changes, save the file and open the command prompt (Win+R, then write cmd in the window that opens). Go to the folder C:\VBoxLdr\data (cd C:\VBoxLdr\data) and run the hidevm_ahci file.cmd
Note: If you have VirtualBox open, close it.
After completing the program, we write (cd C:\VBoxLdr) and run the file loader.exe.
Note: the file loader.exe you need to run it after each reboot of the computer.
After the program is finished, it can close the command prompt and start our VM.
We need to install Windows, it is very important to install the American or European version (In any case, do not install repacks with Russian language support). Such good stuff is full in American and European torrent boards and so on.
If you did everything correctly and your VM starts up, then go to the Internet and download the Pafish test (https://github.com/a0rtega/pafish)
We should have as many possible compliments as possible, and as few failed ones as possible)))
Now let's put together our set of tools to work with:
1. Ccleaner Premium
2. BleachBit
3. Technitium MAC Address Changer
4. ProxyFire
Next, it's a small matter, Change the MAC address, completely clean the VM, configure the ProxyFire bundle and also with its help, close WebRTC to yourself, and do not worry about possible leaks. I also advise you to put 2 browsers, for example Fox (for mail, proxy checking, and so on. and so on) + Google (working). As a result, we get Almost free ( you only need to buy a proxy) and a fairly high-quality machine that perfectly masks virtualization tools, and for most fraud, we are an ordinary buyer sitting from a home computer Somewhere in Florida.
(Note: don't forget the search engine due to the fact that tools you probably downloaded without proxy and VPN, you will automatically get up some sort of Yandex and so on, is completely unacceptable in my opinion is well suited Yahoo or Google)
