Unprotect Navbar Version Logo
  • Home
  • Techniques
  • Scan
  • Resources
    • Snippet List
    • Detection Rule List
    • Featured Evasion API List
    • Contributors
    • Scanned Samples
  • Tools
  • About
  • Avatar Login

Search For Content

Clear

Search Result

3 item(s) found so far for this keyword.

Time Bomb
Sandbox Evasion icon
Sandbox Evasion
Others icon
Others

Some malware contains a built-in expiration date, after which the malware will no longer run or function. This can be used by attackers to limit the time during which the malware can be detected and analyzed by security researchers. In order to run and analyze the malware after its expiration date, security researchers must manually change the date on the …

Read more

GetTickCount
Anti-Debugging icon
Anti-Debugging

This is typical timing function which is used to measure time needed to execute some function/instruction set. If the difference is more than fixed threshold, the process exits.

GetTickCount reads from the KUSER_SHARED_DATA page. This page is mapped read-only into the user mode range of the virtual address and read-write in the kernel range. The system clock tick updates …

Read more

Virtualization/Sandbox Evasion: Time Based Evasion
Defense Evasion [Mitre] icon
Defense Evasion [Mitre]

Adversaries may employ various time-based methods to detect and avoid virtualization and analysis environments. This may include enumerating time-based properties, such as uptime or the system clock, as well as the use of timers or other triggers to avoid a virtual machine environment (VME) or sandbox, specifically those that are automated or only operate for a limited amount of time.

… Read more

The #UnprotectProject is brought to you by 🇫🇷 fr0gger_ and 🇫🇷 DarkCoderSc

Terms And Conditions | GDPR

Contribute Now