
    Use a fake virtual machine to stop malware

    Not long ago, a post revealed that some advanced malware can detect a virtual environment such as a sandbox in order to avoid detection and analysis. Because some threats can also detect the monitoring tools used for malware analysis, these samples simply refuse to run so that they appear harmless. A quick proof of concept (PoC) was created to turn this behaviour into a defensive tactic: some malware checks for a particular mutex or registry key (an earlier version of Locky did this), so planting those same artifacts on an ordinary machine can make the sample believe it is being analysed and stay dormant.

    The proof of concept, including the function that creates the fake registry keys, can be found in Thomas Roccia's post here. He explains the concept in detail, once again confirming that malware is becoming more advanced and more difficult to analyze.
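As an added illustration of the tactic described above (this is example code written for this post, not Thomas Roccia's PoC or code from the original article), the script below plants decoy VirtualBox registry keys and holds a named mutex so that VM-aware malware concludes it is running inside an analysis environment. The key paths are ones that sandbox-detection routines are commonly documented to check, but the list is an assumption and should be extended with whatever artifacts your own samples look for; the mutex name is a placeholder, since the page does not give the one Locky used.

```powershell
# Added example: plant fake virtualization artifacts on a real host so that
# VM-aware malware decides it is being analysed and stays dormant.
# Must run in an elevated session (it writes under HKLM:).
#   .\Set-FakeVm.ps1          -> plant decoys and hold the decoy mutex
#   .\Set-FakeVm.ps1 remove   -> delete only the keys this script created

# Registry keys that sandbox-detection code commonly looks for (illustrative list;
# extend it with the artifacts your own threat intel shows samples checking).
$fakeKeys = @(
    'HKLM:\SOFTWARE\Oracle\VirtualBox Guest Additions',
    'HKLM:\SYSTEM\CurrentControlSet\Services\VBoxGuest',
    'HKLM:\SYSTEM\CurrentControlSet\Services\VBoxMouse',
    'HKLM:\SYSTEM\CurrentControlSet\Services\VBoxService'
)

# Placeholder mutex name (assumption): replace it with the mutex the sample checks for.
$mutexName = 'Global\EXAMPLE_FakeSandboxMutex'

function New-FakeVmArtifact {
    param([Parameter(Mandatory)][string]$Path)
    if (Test-Path -Path $Path) {
        Write-Verbose "Already present, leaving untouched: $Path"
        return
    }
    New-Item -Path $Path -Force | Out-Null
    # A marker value lets us recognise and remove our own decoys later without
    # ever deleting a genuine VirtualBox installation.
    New-ItemProperty -Path $Path -Name 'DecoyMarker' -Value 'fake-vm-artifact' `
        -PropertyType String -Force | Out-Null
    Write-Host "Planted decoy key: $Path"
}

function Remove-FakeVmArtifact {
    param([Parameter(Mandatory)][string]$Path)
    $marker = Get-ItemProperty -Path $Path -Name 'DecoyMarker' -ErrorAction SilentlyContinue
    if ($marker) {
        Remove-Item -Path $Path -Recurse -Force
        Write-Host "Removed decoy key: $Path"
    }
}

switch ($args[0]) {
    'remove' {
        $fakeKeys | ForEach-Object { Remove-FakeVmArtifact -Path $_ }
    }
    default {
        $fakeKeys | ForEach-Object { New-FakeVmArtifact -Path $_ }

        # A named mutex only exists while some process holds a handle to it, so the
        # script keeps running (for example under a scheduled task) to keep the decoy alive.
        $createdNew = $false
        $mutex = New-Object System.Threading.Mutex($true, $mutexName, [ref]$createdNew)
        if (-not $createdNew) {
            Write-Warning "Mutex $mutexName already exists; another process owns it."
        }
        Write-Host "Holding decoy mutex $mutexName; press Ctrl+C to release it."
        try {
            while ($true) { Start-Sleep -Seconds 60 }
        }
        finally {
            $mutex.Dispose()
        }
    }
}
```

Two caveats worth keeping in mind when deploying something like this: the decoy keys persist across reboots while the mutex does not, so the script (or a service doing the same job) has to be running for the mutex check to succeed; and legitimate software that inspects the same keys (inventory agents, the real Guest Additions installer) may be misled by them, which is why the script tags and only ever removes its own entries.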



    DISCLAIMER: THIS POST IS FOR INFORMATIONAL PURPOSES ONLY AND IS NOT TO BE CONSIDERED LEGAL ADVICE ON ANY SUBJECT MATTER. DIGITAL FORENSICS CORP. IS NOT A LAWFIRM AND DOES NOT PROVIDE LEGAL ADVICE OR SERVICES. By viewing posts, the reader understands there is no attorney-client relationship, the post should not be used as a substitute for legal advice from a licensed professional attorney, and readers are urged to consult their own legal counsel on any specific legal questions concerning a specific situation.