VboxEnumShares

Sandbox Evasion

This method represents a variation of the WNetGetProviderName(WNNC_NET_RDR2SAMPLE, ...) approach, which is typically employed to determine if the network share's provider name is specific, such as VirtualBox. Instead of relying on this well-established technique, we utilize WNetOpenEnum and WNetEnumResource functions to iterate through each network resource. The primary objective is to identify VirtualBox shared folders, which typically feature "VirtualBox" or …

Detecting Online Sandbox

Sandbox Evasion

Online sandboxes are widely used for malware analysis. To evade detection, many malware families implement checks to identify if they are running in such environments. Below are examples of detection techniques for Any.Run and Tria.ge.

Detecting Any.Run

Any.Run uses a fake root certificate to spy on sandbox traffic. System information can be obtained by querying …

AxProtector

Packers

AxProtector encrypts the complete software you aim to protect, and shields it with a security shell, AxEngine. Best-of-breed anti-debugging and anti-disassembly methods are then injected into your software.

Search For Content

Search Result

VboxEnumShares

Sandbox Evasion

Detecting Online Sandbox

Sandbox Evasion

Detecting Any.Run

AxProtector

Packers