01-18-2021, 16:37
surferxyz
You could try and work out how it is identifying if it is running under VMware with a debugger/other analysis tools.

Also, it is likely that it is just using common published techniques to identify that it is running in a VM, e.g. looking at the network adapter vendor, etc.

Here is an example article that shows two ways to identify that the process is running under a VM using the CPUID instruction, and then a solution so the example code no longer succeeds:

https://rayanfam.com/topics/defeating-malware-anti-vm-techniques-cpuid-based-instructions/