Search For Content
Search Result
4 item(s) found so far for this keyword.
Checking Screen Resolution
Sandbox environments typically do not function as standard user workspaces; as a result, they often maintain a minimum screen resolution of 800x600 or even lower. In practice, users seldom work with such limited screen dimensions. Malware may leverage this information, detecting the screen resolution to ascertain whether it is operating on a genuine user machine or within a sandbox environment.
Read moreTime Bomb
Some malware contains a built-in expiration date, after which the malware will no longer run or function. This can be used by attackers to limit the time during which the malware can be detected and analyzed by security researchers. In order to run and analyze the malware after its expiration date, security researchers must manually change the date on the …
Read moreChecking Installed Software
By detecting the presence of certain software and tools commonly used in sandbox environments, such as Python interpreters, tracing utilities, debugging tools, and virtual machine software like VMware, it is possible to infer the existence of a sandbox.
This inference is based on the premise that such tools are often found in sandbox setups used for dynamic malware analysis …
Read moreBuildCommDCBAndTimeoutA
This technique uses a BuildCommDCBAndTimeoutsA API call to determine if the malware is detonating in a sandbox. Normally, a bogus device string would cause this API call to fail. However, some malware sandbox environments may emulate in a way that allows the API call to succeed even when given a bogus device string.