[marcodiego]

I call BS. How it works says: "When hackers install malicious software on a compromised victim, they first check to make sure its safe for them to run."; Download asks e-mail and name; Does not seems multiplatform and would never install anything like that on my computer in a dream unless it were open source.

[poincaredisk]

I'm a malware researcher and reverse engineer for a living. This is absolutely true, but oversimplified. Focus on

>They don't want to get caught and avoid computers that have security analysis or anti-malware tools on them.

Malware doesn't want to run in a sandbox environment (or in general when observed), because doing malicious things in the AV sandbox is a straight way to get blocked, and leaks C2 servers and other IoCs immediately. That's why most malware families[1] at least try to check if the machine they're running on is a sandbox/researcher pc/virtual machine.

I assume this is what this tool does. We joke at work that the easiest thing to do to make your windows immune to malware is to create a fake service and call it VBoxSVC.

[1] except, usually, ransomware, because ransomware is very straightforward and doesn't care about stealth anyway.

[davikr]

It's very platform-dependent, because for each one there are different ways in which a virus checks for markers that it's being analysed - for instance, if it's being ran in a VM, it might check registry entries, check for Guest-Host drivers or whatever, on Windows. Still, I wouldn't trust something like this if it asks for PII, isn't open-source and leaves traces around on the disk.