Page values for "Ema-1088"

Jump to navigation Jump to search

"Associations" values

Association_TypeBehavior
Associated_Pagesandbox detect & evade

"Behavior_Instances" values

Associated_Behaviorsandbox detect & evade

"Pages" values

NameProduct Key/ID Testing
Title_IconBehaviorInstance-Windows.png
Description

Checking for a particular product key/ID associated with a sandbox environment (commonly associated with the Windows host OS used in the environment) can be used to detect whether a malware instance is being executed in a particular sandbox. This can be achieved through several means, including testing for the Key/ID in the Windows registry.

"References" values

Reference_Date2011-01-27
Malware_FamilyRebhip
Reference_URLhttps://www.fireeye.com/blog/threat-research/2011/01/the-dead-giveaways-of-vm-aware-malware.html