03-16-2015, 06:12
Insid3Code
Quote:
Originally Posted by user1
May I ask to explain a bit more?
When you try to analyze a suspicious file (malware), you usually do it in a virtual machine. In cases where the suspicious file uses some tricks to detect your virtual analysis lab, based on its strings or hardware signature, you need to make a custom configuration or patch some strings/hardware signature to avoid virtual machine detection.

EP_X0FF has done a great job by releasing and sharing a VM detection mitigation for VirtualBox (tut and tool with source).