Guest Process Testing

From ema
Jump to navigation Jump to search
EMA ID: ema-1090
Description: Virtual machines offer guest additions that can be installed to add functionality such as clipboard sharing. Detecting the process, via its name or other methods, responsible for these tasks is a technique employed by malware for detecting whether it is being executed in a virtual machine.
Associated Behavior: virtual machine detect & evade
Privilege Level: User space

Inherited Attributes:

applicable platform: Windows 10, Windows 7, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2003, Windows Server 2003 SP1, Windows Server 2003 SP2, Windows Server 2008, Windows Server 2008 R2, Windows Server 2008 R2 SP1, Windows Server 2008 SP1, Windows Server 2008 SP2, Windows Server 2012, Windows Server 2012 R2, Windows Vista, Windows Vista SP1, Windows Vista SP2, Windows XP, Windows XP SP1, Windows XP SP2, Windows XP SP3