Renaming VirtualBox Linux kernel modules

I am trying to build a sandbox in order to examine the behavior of malware. In order to provoke malware execution, I need to make the VM undetectable by malware. I am using VirtualBox, and VirtualBox loads some kernel modules (vboxguest and vboxvideo) on the Linux guest machine. By searching for those modules, malware can find out that it is being executed in a VM, and it won't show malicious behavior. I want to hide those modules (e.g. by renaming them or unloading them). For now I have managed to unload vboxguest.ko, but I can't unload vboxvideo.ko (ERROR: it is in use and it can't be unloaded).

For now I have tried to compile that module on my own and to make an identical module with a different name. I have blacklisted vboxvideo.ko, and I have set my module (mvideo.ko) to be loaded at boot time. When I reboot, my VM does not work (black screen). Apparently it needs the vboxvideo module to be loaded with that exact name.

Is there any workaround for this?

Best regards,
Igor Vurdelja

Igor Vurdelja

Posted 2020-01-07T10:38:23.357

No answers
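
Added example, not part of the original question: a small audit a sandbox operator can run inside the guest to see how the modules named above appear in `/proc/modules` and why an unload is refused (a non-zero reference count). The sample lines and their values are constructed; on a real guest the script reads `/proc/modules` itself.

```python
from pathlib import Path

# Module names from the question; the renamed mvideo is included for comparison.
WATCHED = ("vboxguest", "vboxvideo", "mvideo")

# Constructed sample in /proc/modules format:
#   name size refcount holders state address [taint]
SAMPLE = """\
vboxvideo 45056 2 - Live 0x0000000000000000 (OE)
ttm 106496 1 vboxvideo, Live 0x0000000000000000
drm_kms_helper 184320 1 vboxvideo, Live 0x0000000000000000
vboxguest 348160 0 - Live 0x0000000000000000 (OE)
e1000 147456 0 - Live 0x0000000000000000
"""

def parse_modules(text):
    """Map module name -> refcount and the modules holding a reference."""
    modules = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # blank or truncated line
        name, _size, refcount, holders = fields[:4]
        modules[name] = {
            # refcount is "-" on kernels built without module unloading
            "refcount": int(refcount) if refcount.isdigit() else None,
            "holders": [h for h in holders.split(",") if h and h != "-"],
        }
    return modules

def audit(text, watched=WATCHED):
    """Report each watched module that is loaded and whether rmmod can succeed."""
    report = {}
    for name, info in parse_modules(text).items():
        refs, holders = info["refcount"], info["holders"]
        if name in watched:
            report[name] = {
                "refcount": refs, "holders": holders,
                # references not explained by a dependent module (approximation)
                "other_refs": None if refs is None else max(refs - len(holders), 0),
                "removable": refs == 0,
            }
    return report

if __name__ == "__main__":
    proc = Path("/proc/modules")
    text = proc.read_text() if proc.exists() else SAMPLE
    for name, row in audit(text).items():
        print(name, row)
```

A module with `other_refs` above zero is held by something other than another module, so unloading its dependents will not free it.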