A Look at Malware with Virtual Machine Detection

Tuesday, 11-February-2014

A Look at Malware with Virtual Machine Detection
http://blog.malwarebytes.org/intelligence/2014/02/a-look-at-malware-with-virtual-machine-detection/

This is a good article. It references the research paper below, which covers some undocumented "features" in VMware.

On the Cutting Edge: Thwarting Virtual Machine Detection
http://handlers.sans.org/tliston/ThwartingVMDetection_Liston_Skoudis.pdf

isolation.tools.getPtrLocation.disable = "TRUE"
isolation.tools.setPtrLocation.disable = "TRUE"
isolation.tools.setVersion.disable = "TRUE"
isolation.tools.getVersion.disable = "TRUE"
monitor_control.disable_directexec = "TRUE"
monitor_control.disable_chksimd = "TRUE"
monitor_control.disable_ntreloc = "TRUE"
monitor_control.disable_selfmod = "TRUE"
monitor_control.disable_reloc = "TRUE"
monitor_control.disable_btinout = "TRUE"
monitor_control.disable_btmemspace = "TRUE"
monitor_control.disable_btpriv = "TRUE"
monitor_control.disable_btseg = "TRUE"
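
An added example, not from the post or the referenced paper: a small Python audit that checks an analysis VM's configuration for the settings listed above and flags values wrapped in typographic quotes, which is how they often arrive when copied from a web page. It assumes the settings live in the VM's .vmx file as plain key = "value" lines; the function names and the sample fragment are constructed for illustration.

```python
import re

# The thirteen settings listed in the post; each is expected to be "TRUE".
REQUIRED = [f"isolation.tools.{n}.disable" for n in
            ("getPtrLocation", "setPtrLocation", "setVersion", "getVersion")]
REQUIRED += [f"monitor_control.disable_{n}" for n in
             ("directexec", "chksimd", "ntreloc", "selfmod", "reloc",
              "btinout", "btmemspace", "btpriv", "btseg")]

# key = "value"; curly quotes are matched too so that they can be flagged.
LINE_RE = re.compile(r'^\s*([\w.:]+)\s*=\s*(["\u201c\u201d])(.*?)(["\u201c\u201d])\s*$')

def parse_vmx(text):
    """Return {key: (value, has_curly_quotes)} for every key = "value" line."""
    settings = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            key, q_open, value, q_close = m.groups()
            settings[key] = (value, q_open != '"' or q_close != '"')
    return settings

def audit(text):
    """Map each listed setting to ok / missing / wrong-value / curly-quotes."""
    found = parse_vmx(text)
    report = {}
    for name in REQUIRED:
        if name not in found:
            report[name] = "missing"
        elif found[name][1]:
            report[name] = "curly-quotes"
        elif found[name][0].upper() != "TRUE":
            report[name] = "wrong-value"
        else:
            report[name] = "ok"
    return report

def missing_lines(text):
    """Lines to append so that every absent setting is present."""
    return [f'{k} = "TRUE"' for k, s in audit(text).items() if s == "missing"]

# Constructed sample .vmx fragment (not from the post).
SAMPLE = (
    'displayName = "analysis-vm"\n'
    'isolation.tools.getPtrLocation.disable = "TRUE"\n'
    'isolation.tools.setPtrLocation.disable = \u201cTRUE\u201d\n'
    'isolation.tools.setVersion.disable = "FALSE"\n'
    'monitor_control.disable_directexec = "TRUE"\n'
)
```

Calling audit(SAMPLE) returns the status of each listed setting, and missing_lines(SAMPLE) returns the lines that still need to be appended.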
