Page values for "Ema-1100"
Jump to navigation
Jump to search
"Associations" values
| Association_Type | Behavior |
| Associated_Page | debugger detect & evade |
"Behavior_Instances" values
| Associated_Behavior | debugger detect & evade |
"Pages" values
| Name | API Call: IsDebuggerPresent |
| Title_Icon | BehaviorInstance-Windows.png |
| Description | The kernel32!IsDebuggerPresent API call checks the Process Environment Block to see if the calling process is being debugged. This is one of the most basic and common ways of detecting debugging. |
"References" values
| Reference_Date | 2011-01-27 |
| Malware_Family | Rebhip |
| Reference_URL | https://www.fireeye.com/blog/threat-research/2011/01/the-dead-giveaways-of-vm-aware-malware.html |
