Page values for "Ema-1089"
"Associations" values
Association_Type | Behavior |
Associated_Page | sandbox detect & evade |
"Behavior_Instances" values
Associated_Behavior | sandbox detect & evade |
"Pages" values
Name | Injected DLL Testing |
Title_Icon | BehaviorInstance-Windows.png |
Description | Testing for the name of a particular DLL that is known to be injected by a sandbox for API hooking is a common way of detecting sandbox environments. This can be achieved through the kernel32!GetModuleHandle API call and other means. |
"References" values
Reference_Date | 2011-01-27 |
Malware_Family | Rebhip |
Reference_URL | https://www.fireeye.com/blog/threat-research/2011/01/the-dead-giveaways-of-vm-aware-malware.html |