Malware anti-VM techniques

Malware analysis usually involves the use of a virtual environment (VM) such as VMware, VirtualBox or one of the many other virtualisation solutions. These are the main virtualisation products, but the same kind of product is also used in sandboxes and other testing environments such as VirusTotal, Anubis, etc. There are many reasons for using a virtual environment for such analysis. In particular, it gives you the ability to run malicious code in a controlled manner. You can customize your VM to meet your needs, install vulnerable software, change the configuration, etc. Not to mention the ability to start from scratch and restore a previous snapshot. You can do it the “old” way by running the malicious executable directly on your operating system, but you will take a little more risk, not to mention the time you will lose restoring your system.
