Checking Pipe
Created the Monday 11 March 2019. Updated 1 year, 2 months ago.
Cuckoo is a malware analysis system that uses a named pipe, called \.\pipe\cuckoo, for communication between the host system (where the malware is being analyzed) and the guest system (where the malware is running).
A malware that is running on the guest system can detect the presence of a virtual environment by attempting to access the \.\pipe\cuckoo named pipe. If the named pipe exists, it indicates that the malware is running on a virtual machine being monitored by Cuckoo. This information can be used by the malware to adjust its behavior in order to evade detection or to avoid performing certain actions.
Technique Identifier
Technique Tags
Sandbox Cuckoo Host system Guest system Communication Named pipe Virtual environment
Code Snippets
Additional Resources
External Links
The resources provided below are associated links that will give you even more detailed information and research on current evasion technique. It is important to note that, while these resources may be helpful, it is important to exercise caution when following external links. As always, be careful when clicking on links from unknown sources, as they may lead to malicious content.