Search Evasion Techniques

Names, Techniques, Definitions, Keywords

Random is cool

Search Result

1 item(s) found so far for this keyword.

Detecting Virtual Environment Files Sandbox Evasion

Some files are created by Virtualbox and VMware on the system.

Malware can check the different folders to find Virtualbox artifacts like VBoxMouse.sys.

Malware can check the different folders to find VMware artifacts like vmmouse.sys, vmhgfs.sys.

Some Files Example

Below is a list of files that can be detected on virtual machines:

  • “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\agent.pyw”,
  • “C:\WINDOWS\system32\drivers\vmmouse.sys”,
  • “C:\WINDOWS\system32\drivers\vmhgfs.sys”,
  • “C:\WINDOWS\system32\drivers\VBoxMouse.sys”,
  • “C:\WINDOWS\system32\drivers\VBoxGuest.sys”,
  • “C:\WINDOWS\system32\drivers\VBoxSF.sys”,
  • “C:\WINDOWS\system32\drivers\VBoxVideo.sys”, …
Read More