Page values for "Ema-1088"
Jump to navigation
Jump to search
"Associations" values
Association_Type | Behavior |
Associated_Page | sandbox detect & evade |
"Behavior_Instances" values
Associated_Behavior | sandbox detect & evade |
"Pages" values
Name | Product Key/ID Testing |
Title_Icon | BehaviorInstance-Windows.png |
Description | Checking for a particular product key/ID associated with a sandbox environment (commonly associated with the Windows host OS used in the environment) can be used to detect whether a malware instance is being executed in a particular sandbox. This can be achieved through several means, including testing for the Key/ID in the Windows registry. |
"References" values
Reference_Date | 2011-01-27 |
Malware_Family | Rebhip |
Reference_URL | https://www.fireeye.com/blog/threat-research/2011/01/the-dead-giveaways-of-vm-aware-malware.html |