Have no idea why it detects your VM.
You can try dump whole physical memory of VM and then look inside for specific strings. If everything patched well there will be no strings. You refering to 4.3.12 patch, it have two general flaws: PXE boot data (even if no vbox tools installed for this machine, if the vbox extensions pack installed in vbox itself it will replace default PXE boot rom with PXE boot rom from extensions pack) and hardware ID's of PCI bus devices. However I don't think malware authors is way too smart to check this.
You can try dump whole physical memory of VM and then look inside for specific strings. If everything patched well there will be no strings. You refering to 4.3.12 patch, it have two general flaws: PXE boot data (even if no vbox tools installed for this machine, if the vbox extensions pack installed in vbox itself it will replace default PXE boot rom with PXE boot rom from extensions pack) and hardware ID's of PCI bus devices. However I don't think malware authors is way too smart to check this.
Ring0 - the source of inspiration
