Author: blackhat401
Subject: Malware analysis question
Posted: 19 December 2014 at 5:28pm
Hello All,
I was trying to understand why the following function calls were categorized as Anti-Emulation/VM Detection. I am curious to know what information they cough up to infer that the malware is running under a VM. I saw this on one of the automated reports.
GetVersionExW@KERNEL32.DLL
GetVersionExW@KERNEL32.DLL
GetVersionExA@KERNEL32.DLL
GetVersionExW@KERNEL32.DLL
GetVersionExA@KERNEL32.DLL
Many Thanks!