emulator detect & evade

From ema
EMA ID: ema-1265
Description: Detects whether the malware instance is being executed in an emulator; if so, a benign execution path is followed.

Examples:

  • Failed Network Connections: Some emulated systems fail to handle certain network communications; such failures indicate an emulated environment.
  • Check for Emulator-related Files: Checks if particular files (e.g., QEMU files) exist.

Associated Capabilities/Subcapabilities: Anti-Behavioral Analysis
Aliases: anti-virtualization
