by no-dr-onboard
737 days ago
Fun concept, but this is security by obscurity. Other heuristics:
- providing fake manifests to hardware drivers commonly associated with virtual machines
- active process inspector handles
- presence of any software signed by hexrays (the ini file is usually enough)

Malware uses signals to determine if they are running in a VM. If we can degrade those signals, they will have to play a cat and mouse game trying to avoid VMs.
The less clear it is if a process is running in a VM, the easier time security researchers will have testing exploits found in the wild.