Thursday, October 2, 2014

Analysis aware malware

Nice sample of... something... for you here. Analysis-aware malware: as per the Cuckoo snippet below, the exe has a good sniff through the registry at the usual telltale keys before deciding that it is indeed being sandboxed, that this world of pain is too much to bear, and terminating itself.


https://www.virustotal.com/en/file/7dc0d616257061c3bdbbdd59e6a035bea4694e0ef8daea420b773446ad2f6ae2/analysis/1412282302/

When I have time, I'll change around some of these settings, as suggested here, and see if I can get this little sucker to run... http://blog.prowling.nu/2012/08/modifying-virtualbox-settings-for.html
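The registry sniffing described above can also be spotted from the analyst's side. As an added example (not from the original post), this Python script flags a Cuckoo run whose registry activity touches VirtualBox guest artifacts; the `behavior.summary.keys` layout of the JSON report, the marker list and the sample report are assumptions constructed for illustration.

```python
import json

# Well-known VirtualBox guest artifacts in the registry. This short list is
# illustrative and is not taken from the sample in the post.
VM_KEY_MARKERS = (
    r"hardware\acpi\dsdt\vbox__",
    r"hardware\acpi\fadt\vbox__",
    r"hardware\acpi\rsdt\vbox__",
    r"software\oracle\virtualbox guest additions",
    r"system\currentcontrolset\services\vboxguest",
    # Holds SystemBiosVersion / VideoBiosVersion; benign software reads it
    # too, which is why a single hit is not enough to flag a run.
    r"hardware\description\system",
)

def vm_probe_keys(report):
    """Return the registry keys in a report that match a VM-artifact marker."""
    # Assumption: keys touched by the sample are listed under
    # behavior.summary.keys in the JSON report.
    keys = report.get("behavior", {}).get("summary", {}).get("keys", [])
    hits = []
    for key in keys:
        lowered = key.lower()
        if any(marker in lowered for marker in VM_KEY_MARKERS):
            hits.append(key)
    return hits

def looks_analysis_aware(report, threshold=2):
    """Flag a run in which at least `threshold` VM-artifact keys were probed."""
    return len(vm_probe_keys(report)) >= threshold

# Constructed sample report, not output from the sample in the post.
SAMPLE_REPORT = json.loads(r'''
{"behavior": {"summary": {"keys": [
  "HKEY_LOCAL_MACHINE\\HARDWARE\\ACPI\\DSDT\\VBOX__",
  "HKEY_LOCAL_MACHINE\\SOFTWARE\\Oracle\\VirtualBox Guest Additions",
  "HKEY_LOCAL_MACHINE\\HARDWARE\\Description\\System",
  "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run"
]}}}
''')

if __name__ == "__main__":
    for key in vm_probe_keys(SAMPLE_REPORT):
        print("VM artifact probed:", key)
    print("analysis aware:", looks_analysis_aware(SAMPLE_REPORT))
```

A run that probes these keys and then exits early is a candidate for re-analysis on a guest where those artifacts have been changed.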
