HTML5 Performance Object
Jump to navigation
Jump to search
EMA ID: | ema-1091 | |
---|---|---|
Description: | In three browser families, it is possible to extract the frequency of the Windows performance counter frequency, using standard HTML and Javascript. This value can then be used to detect whether the code is being executed in a virtual machine, by detecting two specific frequencies commonly used in virtual but not physical machines. | |
Associated Behavior: | virtual machine detect & evade | |
Privilege Level: | User space | |
Supporting Details: |
|
Inherited Attributes:
applicable platform: | Windows 10, Windows 7, Windows 7 SP1, Windows 8, Windows 8.1 |
---|
References:
Date | Malware Family | URL |
---|---|---|
May 10, 2015 | http://www.securitygalore.com/site3/vmd1-advisory |