Page values for "Ema-1089"

"Associations" values

Association_Type: Behavior
Associated_Page: sandbox detect & evade

"Behavior_Instances" values

Associated_Behavior: sandbox detect & evade

"Pages" values

Name: Injected DLL Testing
Title_Icon: BehaviorInstance-Windows.png
Description:

Testing for the name of a particular DLL that is known to be injected by a sandbox for API hooking is a common way of detecting sandbox environments. This can be achieved through the kernel32!GetModuleHandle API call and other means.

"References" values

Reference_Date: 2011-01-27
Malware_Family: Rebhip
Reference_URL: https://www.fireeye.com/blog/threat-research/2011/01/the-dead-giveaways-of-vm-aware-malware.html