Exetools  

  #6  
01-18-2021, 16:37
surferxyz
You could try and work out how it is identifying if it is running under VMware with a debugger/other analysis tools.

Also it is likely that it is just using common published techniques to identify that it is running in a VM, e.g. looking at the network adapter vendor, etc.

Here is an example article that shows two ways to identify the process is running under a VM using the CPUID instruction, and then a solution so the example code no longer succeeds:

https://rayanfam.com/topics/defeating-malware-anti-vm-techniques-cpuid-based-instructions/
All times are GMT +8.

