Sandboxie detection

#13454 by Buster_BSA
Sun May 27, 2012 7:48 pm

Hi.

Could someone explain what method uses this malware to notice it is being run under Sandboxie, please?

Password: infected
(84.07 KiB) Downloaded 42 times

Username

Buster_BSA

Posts

390

Joined

Mon Mar 22, 2010 6:42 am

#13457 by wacked2
Sun May 27, 2012 9:26 pm

I didn't really look because it is VB BUT
It queries the WMI "SELECT * FROM Win32_VideoController"
and aborts on:

VM Additions S3 Trio32/64
S3 Trio32/64
VirtualBox Graphics Adapter
VMware SVGA II
"\x00"

Username

wacked2

Posts

Joined

Sat Dec 17, 2011 3:25 pm

#13458 by Buster_BSA
Sun May 27, 2012 10:36 pm

I know it has VirtualBox and VMWare detections too, but I am interested in Sandboxie detection method.

Thanks anyway.

Username

Buster_BSA

Posts

390

Joined

Mon Mar 22, 2010 6:42 am

#13460 by Buster_BSA
Mon May 28, 2012 1:16 am

I found the method already. Thanks anyway.

Username

Buster_BSA

Posts

390

Joined

Mon Mar 22, 2010 6:42 am

Display:

Sort by:

Jump to: