If you think an application is suspicious, then you might run it in a sandbox or virtual machine, and monitor what it does. If nothing happens then that means it's safe, right?

Well, maybe not. Malware will often try to detect whether it's running in a virtual machine, and if that's the case, avoid doing anything harmful.

Paranoid Fish is a tiny open-source tool which uses various tricks to see if it's running in a VM, giving you an idea of whether malware could do the same.

Launch pafish.exe in your testing environment, the program opens a command window and begins running its checks. These can sometimes take a while - it may appear to hang for 3 or 4 minutes - but the individual test names and results are displayed as the program works.

Some of these test name are relatively easy for experienced users to understand (Debuggers Detection, Checking hypervisor bit in cpuid feature bits), others more complex (Checking function ShellExecuteExW method 1), but you don't have to understand every detail. Just look at the verdict after each test: green OK's mean the program hasn't detected any anti-malware tricks, but any red "traced" mean it has. And malware could, too.

- Bugfix release
- Fix "LocalFree after advanced list" #49
- Fix typo
- Add Wpedantic


Paranoid Fish is a handy tool for anyone who regularly uses debuggers/ VMs/ sandboxes to analyse program behaviour. Go fetch a copy right now.