Browse by type
![]()
al-khaser is a PoC "malware" application with good intentions that aims to stress your anti-malware system. It performs a bunch of common malware tricks with the goal of seeing if you stay under the radar.

$ ./al-khaser.exe -h
Usage: al-khaser.exe [OPTIONS]
Options:
--check <type> Enable specific check(s). Can be used multiple times. Valid types are:
TLS (Thread Local Storage callback checks)
DEBUG (Anti-debugging checks)
INJECTION (Code injection checks)
GEN_SANDBOX (Generic sandbox checks)
VBOX (VirtualBox detection)
VMWARE (VMware detection)
VPC (Virtual PC detection)
QEMU (QEMU detection)
KVM (KVM detection)
XEN (Xen detection)
WINE (Wine detection)
PARALLELS (Parallels detection)
HYPERV (Hyper-V detection)
CODE_INJECTIONS (Additional code injection techniques)
TIMING_ATTACKS (Timing/sleep-based sandbox evasion)
DUMPING_CHECK (Dumping memory/process checks)
ANALYSIS_TOOLS (Analysis tools detection)
ANTI_DISASSM (Anti-disassembly checks)
--sleep <seconds> Set sleep/delay duration in seconds (default: 600).
--delay <seconds> Alias for --sleep.
-h, --help Show this help message and exit.
Examples:
al-khaser.exe --check DEBUG --check TIMING_ATTACKS --sleep 30
al-khaser.exe --check VMWARE --check QEMU
al-khaser.exe --sleep 30
You can download built binaries (x86, x64) from this project's releases page. The password for the 7zs can be found here.
Please, if you encounter any of the anti-analysis tricks which you have seen in a malware, don't hesitate to contribute.
sample.exe or sandbox.exe."system32\drivers\vmusbmouse.sys"
Directories artifacts
Pull requests welcome. Please read the Developer Guidelines on our wiki if you wish to contribute to the project.
$ claude mcp add al-khaser \
-- python -m otcore.mcp_server <graph>