+ analysis tool discovery

From ema
Jump to navigation Jump to search
EMA ID: ema-1005
Description: Malware can employ various means to detect whether analysis tools are present or running on the system on which it is executing.

Methods:

  • Process detection: malware can scan for the process name associated with common analysis tools.
    • Debuggers: OllyDBG / ImmunityDebugger / WinDbg / IDA Pro
    • SysInternals Suite Tools (Process Explorer / Process Monitor / Regmon / Filemon, TCPView, Autoruns)
    • PCAP Utilities: Wireshark / Dumpcap
    • Process Utilities: ProcessHacker / SysAnalyzer / HookExplorer / SysInspector
    • PE Utilities: ImportREC / PETools / LordPE
    • Sandboxes: Joe Sandbox, etc.

Associated Capabilities/Subcapabilities: Capability.png Discovery

Associated With + analysis tool discovery
No results