Checking Screen Resolution

Created the Monday 11 March 2019. Updated 3 years, 6 months ago.

Sandbox are not used to work as a normal user environment, so most of the time the screen resolution stay at the minimum 800x600 or lower. No one is actually working on a such small screen. Malware could potentially detect the screen resolution to determine if it’s a user machine or a sandbox.

Technique Identifier

U1315

Code Snippets

Thomas Roccia 

#include "wtypes.h"
#include <iostream>
using namespace std;

/*
1024x768 can be used for automated Sandbox
800x600 can be used for automated Sandbox
640x480 can be used for automated Sandbox
1024x697
1280x800
1280x960
1680x1050
1916x1066
*/

void GetResolution(int& horiz, int& verti)
{
   RECT desktop;
   const HWND hDesktop = GetDesktopWindow();
   GetWindowRect(hDesktop, &desktop);
   horiz = desktop.right;
   verti = desktop.bottom;
}

int main()
{
   int horiz = 0;
   int verti = 0;
   GetResolution(horiz, verti);

   if(horiz < 1024)
   {
      cout << "[!] Looks like you run in a sandbox!"<< '\n';
   }

   cout << "[+] Screen resolution: "<< horiz << "x" << verti << '\n';
   return 0;
}
Open Snippet

Additional Resources

External Links

Subscribe to our Newsletter

The information entered into this form is mandatory. It will be subjected to computer processing. It is processed by computer in order to support our users and readers. The recipients of the data will be : contact@unprotect.it.

According to the Data Protection Act of January 6th, 1978, you have at any time, a right of access to and rectification of all of your personal data. If you wish to exercise this right and gain access to your personal data, please write to Thomas Roccia at contact@unprotect.it.

You may also oppose, for legitimate reasons, the processing of your personal data.