Can ransomware detect Virtual Environments?

Question

My title says it all but here is a scenario: I download a suspicions file and run it inside a VM.If everything works, I will deploy it to my original PC.

I plan to use these: 1.Oracle VM 2.Vmware 3.Hybrid Analysis

So, can a ransomware detect these at the first place?

Yes, some ransomware can detect some virtual environments. – hft Jun 18 '20 at 23:47 — hft, Jun 18 '20 at 23:47

score 0 · Accepted Answer · answered Jun 19 '20 at 00:41

0

Yes, malware can detect being run under a virtual machine ("sandbox") environment. There are a number of techniques:

Checking how long ago the system booted
Checking the registry for entries associated with VM software
Checking the location in memory of common structures
Checking for files, processes, or services associated with VM software
Checking hardware-specific details like MAC addresses
Checking CPU instructions like MMX that aren't usually found in VMs

Far more detail is available online; I'd suggest googling malware virtual machine detection to begin.

answered Jun 19 '20 at 00:41

gowenfawr

71,975
17
161
198

I was planning to use Hybrid Analysis, can most of the ransomware detect it? – null_override Jun 19 '20 at 04:14
When you say Hybrid Analysis do you mean the product at "hybrid-analysis.com"? If so, you might want to contact their customer support to get an answer to this question. – hft Jun 19 '20 at 07:39
@hft Yes, I mean hybrid-analysis.com.I will contact them. – null_override Jun 19 '20 at 09:23

Can ransomware detect Virtual Environments?

1 Answers1