Page values for "Ema-1089"
Jump to navigation
Jump to search
"Associations" values
| Association_Type | Behavior |
| Associated_Page | sandbox detect & evade |
"Behavior_Instances" values
| Associated_Behavior | sandbox detect & evade |
"Pages" values
| Name | Injected DLL Testing |
| Title_Icon | BehaviorInstance-Windows.png |
| Description | Testing for the name of a particular DLL that is known to be injected by a sandbox for API hooking is a common way of detecting sandbox environments. This can be achieved through the kernel32!GetModuleHandle API call and other means. |
"References" values
| Reference_Date | 2011-01-27 |
| Malware_Family | Rebhip |
| Reference_URL | https://www.fireeye.com/blog/threat-research/2011/01/the-dead-giveaways-of-vm-aware-malware.html |
