4 ENUMERATING OPERATING SYSTEM ARTIFACTS
A normal, “real” user environment looks quite different from a malware sandbox or lab environment. A typical user will have installed common applications such as Microsoft Office, an email client, one or more web browsers, and so on. They are unlikely to be running inside a VM, to have Wireshark or Procmon open, or to have installed malware analysis tools such as IDA Pro or sandboxing frameworks like Cuckoo. A sandbox or lab environment, on the other hand, typically has exactly that analysis software installed, and usually inside a VM.
This is indicated by references to the hypervisor in the names and properties of various operating ...
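The following script is an added example, not code from the book, that applies the heuristic described above: it checks a snapshot of running process names, installed applications, and device or manufacturer strings for analysis tools and hypervisor references, and for the everyday applications a real user would have. The tool, guest-service and marker lists are assumptions chosen for illustration (well-known names, but not a list the book gives), and the two snapshots in the usage section are constructed. On Windows it can also take a live snapshot through `tasklist` and the Uninstall registry key; elsewhere it runs purely on the supplied lists.

```python
"""Heuristic 'real user or analysis environment?' check over OS artifacts.

Added example (not from the book). All name lists below are assumptions
chosen to illustrate the technique; the snapshots in the usage section
are constructed.
"""
import csv
import subprocess
import sys

# Image names of common analysis tools (assumed list).
ANALYSIS_PROCESSES = {
    "procmon.exe", "procmon64.exe", "wireshark.exe", "idaq.exe", "idaq64.exe",
    "ida.exe", "ida64.exe", "x64dbg.exe", "x32dbg.exe", "ollydbg.exe",
    "procexp.exe", "procexp64.exe", "fiddler.exe", "pestudio.exe",
}
# Guest-tool services a hypervisor installs inside the VM (assumed list).
HYPERVISOR_PROCESSES = {
    "vboxservice.exe", "vboxtray.exe", "vmtoolsd.exe", "vmwaretray.exe", "qemu-ga.exe",
}
# Substrings a hypervisor leaves in device, driver and manufacturer strings.
HYPERVISOR_MARKERS = ("vbox", "virtualbox", "vmware", "qemu", "xen", "hyper-v", "innotek")
# Applications a typical end user has installed (assumed keyword list).
USER_APP_KEYWORDS = (
    "microsoft office", "outlook", "thunderbird", "chrome", "firefox",
    "edge", "adobe", "zoom", "slack", "spotify",
)


def assess(processes, installed_apps, device_strings, min_user_apps=2):
    """Return the evidence found plus a verdict. Everything is case-insensitive."""
    procs = {p.lower() for p in processes}
    apps = [a.lower() for a in installed_apps]
    devs = [d.lower() for d in device_strings]

    tools = sorted(procs & ANALYSIS_PROCESSES)
    guest = sorted(procs & HYPERVISOR_PROCESSES)
    markers = sorted({m for d in devs for m in HYPERVISOR_MARKERS if m in d})
    user_apps = sorted({k for a in apps for k in USER_APP_KEYWORDS if k in a})

    # Any positive hypervisor/tool evidence wins; otherwise a bare machine
    # with almost no user applications is still treated as suspicious.
    looks_like_lab = bool(tools or guest or markers) or len(user_apps) < min_user_apps
    return {
        "analysis_tools": tools,
        "hypervisor_processes": guest,
        "hypervisor_markers": markers,
        "user_apps": user_apps,
        "verdict": "analysis environment" if looks_like_lab else "likely real user",
    }


def windows_processes():
    """Live process image names via `tasklist` (Windows only, else empty list)."""
    if sys.platform != "win32":
        return []
    out = subprocess.check_output(["tasklist", "/FO", "CSV", "/NH"], text=True)
    return [row[0] for row in csv.reader(out.splitlines()) if row]


def windows_installed_apps():
    """DisplayName values under the HKLM Uninstall key (Windows only, else empty list)."""
    if sys.platform != "win32":
        return []
    import winreg  # only importable on Windows
    names = []
    key = winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE,
                         r"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall")
    for i in range(winreg.QueryInfoKey(key)[0]):
        try:
            sub = winreg.OpenKey(key, winreg.EnumKey(key, i))
            names.append(winreg.QueryValueEx(sub, "DisplayName")[0])
        except OSError:
            continue  # subkey without a DisplayName
    return names


if __name__ == "__main__":
    # Constructed snapshots: a VirtualBox analysis VM and an ordinary user PC.
    lab = assess(["System", "VBoxService.exe", "procmon64.exe", "explorer.exe"],
                 ["Python 3.12", "7-Zip"],
                 ["VBOX HARDDISK ATA Device", "innotek GmbH"])
    user = assess(["explorer.exe", "outlook.exe", "chrome.exe"],
                  ["Microsoft Office Professional Plus 2021", "Google Chrome",
                   "Adobe Acrobat Reader"],
                  ["ST1000DM003 ATA Device", "Dell Inc."])
    print("lab :", lab)
    print("user:", user)
    if sys.platform == "win32":
        print("live:", assess(windows_processes(), windows_installed_apps(), []))
```

The verdict is deliberately simple: one hit on an analysis tool or hypervisor artifact is enough, and a machine with fewer than two everyday applications is flagged even without such a hit. The live path passes no device strings; on a real system those would come from WMI or the registry, which is beyond this snippet.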