• Home
  • Search
  • Map
  • Resources
    • Technique List
    • Snippet List
    • Detection Rule List
    • Featured Evasion API List
  • About
  • API

Search Evasion Techniques

Names, Techniques, Definitions, Keywords

I'm Feeling Lucky

Search Result

1 item(s) found so far for this keyword.

Detecting Virtual Environment Files Sandbox Evasion

Some files are created by Virtualbox and VMware on the system.

Malware can check the different folders to find Virtualbox artifacts like VBoxMouse.sys.

Malware can check the different folders to find VMware artifacts like vmmouse.sys, vmhgfs.sys.

Some Files Example

Below is a list of files that can be detected on virtual machines:

  • "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\agent.pyw",
  • "C:\WINDOWS\system32\drivers\vmmouse.sys",
  • "C:\WINDOWS\system32\drivers\vmhgfs.sys",
  • "C:\WINDOWS\system32\drivers\VBoxMouse.sys",
  • "C:\WINDOWS\system32\drivers\VBoxGuest.sys",
  • "C:\WINDOWS\system32\drivers\VBoxSF.sys",
  • "C:\WINDOWS\system32\drivers\VBoxVideo.sys", …

Made with in 🇫🇷 © 2023. The #UnprotectProject

Terms And Conditions

Contribute