Techniques: Current Use of Virtual Machine Detection Methods
#1
Quote: A common approach to analyse potentially malicious software is dynamic analysis in a virtual machine. Therefore, malware authors use techniques to alter the malware's behavior when being run in a VM. But how do they actually do it?

A common approach to analyse potentially malicious software is dynamic analysis. The binary is executed in an analysis environment, usually a Virtual Machine (VM), and its behaviour in the system is inspected.

Malware developers are aware of this and try to impede this by hiding their malicious intent when being analysed. To be able to do so, the malware needs to detect that it is running inside a VM.

For this, various detection methods exist that we will discuss further in this blog post. With these in mind, we also performed an analysis of 50,000 malware samples on the usage of VM detection methods.
