Page values for "Ema-1088"
Jump to navigation
Jump to search
"Associations" values
| Association_Type | Behavior |
| Associated_Page | sandbox detect & evade |
"Behavior_Instances" values
| Associated_Behavior | sandbox detect & evade |
"Pages" values
| Name | Product Key/ID Testing |
| Title_Icon | BehaviorInstance-Windows.png |
| Description | Checking for a particular product key/ID associated with a sandbox environment (commonly associated with the Windows host OS used in the environment) can be used to detect whether a malware instance is being executed in a particular sandbox. This can be achieved through several means, including testing for the Key/ID in the Windows registry. |
"References" values
| Reference_Date | 2011-01-27 |
| Malware_Family | Rebhip |
| Reference_URL | https://www.fireeye.com/blog/threat-research/2011/01/the-dead-giveaways-of-vm-aware-malware.html |
