7 RUNTIME ENVIRONMENT AND VIRTUAL PROCESSOR ANOMALIES
In the previous three chapters, you’ve seen how malware can query and enumerate OS artifacts and configurations to understand its environment and detect that it’s being analyzed. This chapter will focus on how malware can actively identify analysis sandboxes and VM environments by inspecting the anomalies that malware analysis tools introduce, monitoring virtual processor performance and timing, and abusing virtual processor instructions.
Detecting Analysis and Runtime Anomalies
When malware is executed in a sandbox or malware analysis environment, the sandbox or analysis tools can give ...
Get Evasive Malware now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
