Search Evasion Techniques

Names, Techniques, Definitions, Keywords

Search Result

1 item(s) found so far for this keyword.

Detecting Virtual Environment Artefacts Sandbox Evasion

Qemu registers some artifacts into the registry. A malware can detect the Qemu installation with a look at the registry key HARDWARE\DEVICEMAP\Scsi\Scsi Port 0\Scsi Bus 0\Target Id 0\Logical Unit Id 0 with the value of Identifier and the data of QEMU or HARDWARE\Description\System with a value of SystemBiosVersion and data of QEMU.

The Virtualbox Guest addition leaves many artifacts in …

Read More