Named System Object Checks
Jump to navigation
Jump to search
EMA ID: | ema-1092 | ||
---|---|---|---|
Description: | Virtual machines often include specific named system objects by default, such as Windows device drivers, which can be detected by testing for specific strings, whether found in the Windows registry or other places. | ||
Associated Behavior: | virtual machine detect & evade | ||
Privilege Level: | User space | ||
Supporting Details: |
|
Inherited Attributes:
applicable platform: | Windows 10, Windows 7, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2003, Windows Server 2003 SP1, Windows Server 2003 SP2, Windows Server 2008, Windows Server 2008 R2, Windows Server 2008 R2 SP1, Windows Server 2008 SP1, Windows Server 2008 SP2, Windows Server 2012, Windows Server 2012 R2, Windows Vista, Windows Vista SP1, Windows Vista SP2, Windows XP, Windows XP SP1, Windows XP SP2, Windows XP SP3 |
---|
References:
Date | Malware Family | URL |
---|---|---|
November 1, 2013 | http://artemonsecurity.com/vmde.pdf |