Search Evasion Techniques
Names, Techniques, Definitions, Keywords
Search Result
1 item(s) found so far for this keyword.
Detecting Virtual Environment Artefacts Sandbox Evasion
Qemu registers some artifacts into the registry. A malware can detect the Qemu installation with a look at the registry key HARDWARE\DEVICEMAP\Scsi\Scsi Port 0\Scsi Bus 0\Target Id 0\Logical Unit Id 0 with the value of Identifier and the data of QEMU or HARDWARE\Description\System with a value of SystemBiosVersion and data of QEMU.
The Virtualbox Guest addition leaves many artifacts in …