Unprotect Navbar Version Logo
  • Home
  • Techniques
  • Scan
  • Resources
    • Snippet List
    • Detection Rule List
    • Featured Evasion API List
    • Contributors
    • Scanned Samples
  • Tools
  • About
  • Avatar Login

Search For Content

Clear

Search Result

3 item(s) found so far for this keyword.

QEMU CPU brand evasion
Sandbox Evasion icon
Sandbox Evasion

QEMU has the CPU brand value of "QEMU Virtual CPU" if KVM is not based on the VM

Read more

Detecting Online Sandbox
Sandbox Evasion icon
Sandbox Evasion

Online sandboxes are widely used for malware analysis. To evade detection, many malware families implement checks to identify if they are running in such environments. Below are examples of detection techniques for Any.Run and Tria.ge.

Detecting Any.Run

  • Any.Run uses a fake root certificate to spy on sandbox traffic. System information can be obtained by querying …

Read more

Detecting Virtual Environment Artefacts
Sandbox Evasion icon
Sandbox Evasion

Malware often checks for artifacts left by virtualization platforms to determine if it is running inside a virtual environment. Detecting such artifacts allows the malware to adapt its behavior, delay execution, or avoid exposing malicious functionality during analysis.

  • QEMU: QEMU registers artifacts in the Windows registry. For example, the key HARDWARE\DEVICEMAP\Scsi\Scsi Port 0\Scsi Bus 0\Target Id 0\Logical …

Read more

The #UnprotectProject is brought to you by 🇫🇷 fr0gger_ and 🇫🇷 DarkCoderSc

Terms And Conditions | GDPR

Contribute Now