Screen Resolution Testing

From ema
Jump to navigation Jump to search
EMA ID: ema-1000
Description: Sandboxes aren't used in the same manner as a typical user environment, so most of the time the screen resolution stays at the minimum 800x600 or lower. No one is actually working on a such small screen. Malware could potentially detect the screen resolution to determine if it's a user machine or a sandbox.
Associated Behavior: sandbox detect & evade

Inherited Attributes:

applicable platform: Linux (unknown kernel version), Linux Kernel 2.4.x, Linux Kernel 2.6.x, Linux Kernel 3.0.x, Linux Kernel 3.1.x, Linux Kernel 3.10.x, Linux Kernel 3.11.x, Linux Kernel 3.12.x, Linux Kernel 3.13.x, Linux Kernel 3.14.x, Linux Kernel 3.15.x, Linux Kernel 3.16.x, Linux Kernel 3.17.x, Linux Kernel 3.18.x, Linux Kernel 3.19.x, Linux Kernel 3.2.x, Linux Kernel 3.3.x, Linux Kernel 3.4.x, Linux Kernel 3.5.x, Linux Kernel 3.6.x, Linux Kernel 3.7.x, Linux Kernel 3.8.x, Linux Kernel 3.9.x, Linux Kernel 4.0.x, Linux Kernel 4.1.x, Mac OS X (unknown version), Mac OS X 10.0.x, Mac OS X 10.1.x, Mac OS X 10.10.x, Mac OS X 10.11.x, Mac OS X 10.2.x, Mac OS X 10.3.x, Mac OS X 10.4.x, Mac OS X 10.5.x, Mac OS X 10.6.x, Mac OS X 10.7.x, Mac OS X 10.8.x, Mac OS X 10.9.x, Windows (unknown version), Windows 10, Windows 7, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2003, Windows Server 2003 SP1, Windows Server 2003 SP2, Windows Server 2008, Windows Server 2008 R2, Windows Server 2008 R2 SP1, Windows Server 2008 SP1, Windows Server 2008 SP2, Windows Server 2012, Windows Server 2012 R2, Windows Vista, Windows Vista SP1, Windows Vista SP2