Anti-emulation tricks
Anti-emulation, or anti-automated-analysis, tricks are methods a program employs to stop executing further code once it identifies that it is being analyzed. The behavior of a program can be logged and analyzed using automated analysis tools such as Cuckoo Sandbox, Hybrid Analysis, and ThreatAnalyzer. The idea behind these tricks is to determine whether the system a program is running on is a real, user-controlled machine or an automated analysis environment.
Here are some things that distinguish a user-controlled environment from an automated analysis system:
- A user-controlled system has mouse movement.
- User-controlled systems can include a dialog box that waits for a user to scroll down and then click on a button.
- The setup of an automated analysis system has the following attributes:
  - A low amount of physical memory
  - A low disk size
  - The free space on the disk may be nearly depleted
  - The number of CPUs is only one
  - The screen size is too small
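As an added illustration (not code from the original text), the following sandbox-side audit evaluates a machine profile against the heuristics listed above, so an analyst can see which of them an analysis VM would trip before a sample does. The thresholds, the profile keys and the `collect_local_profile` helper are assumptions chosen for illustration, not values from the text.

```python
"""Sandbox realism audit for the heuristics listed above. Thresholds are
assumptions for illustration, not values from the text; tune per sandbox."""
import os
import shutil

GIB = 1024 ** 3

# (finding, profile key, trips when value <= limit); limits are assumed
LOW_VALUE_CHECKS = [
    ("low physical memory", "physical_memory_bytes", 4 * GIB),
    ("low disk size", "disk_total_bytes", 60 * GIB),
    ("single CPU", "cpu_count", 1),
    ("small screen width", "screen_width", 1024),
    ("small screen height", "screen_height", 768),
]
FREE_DISK_RATIO = 0.10  # at or below this fraction free: "nearly depleted"


def audit_profile(profile):
    """Return the heuristics the profile trips; None values are skipped so a
    partially collected profile still audits."""
    findings = [name for name, key, limit in LOW_VALUE_CHECKS
                if profile.get(key) is not None and profile[key] <= limit]
    total, free = profile.get("disk_total_bytes"), profile.get("disk_free_bytes")
    if total and free is not None and free / total <= FREE_DISK_RATIO:
        findings.append("free disk space nearly depleted")
    if profile.get("mouse_moved") is False:
        findings.append("no mouse movement observed")
    return findings


def collect_local_profile():
    """Fill the attributes the standard library can read; memory, screen and
    mouse activity are left None (host-specific collectors are assumed)."""
    usage = shutil.disk_usage(os.path.abspath(os.sep))
    return {"disk_total_bytes": usage.total, "disk_free_bytes": usage.free,
            "cpu_count": os.cpu_count(), "physical_memory_bytes": None,
            "screen_width": None, "screen_height": None, "mouse_moved": None}


# Constructed sample: a stock analysis VM that trips most heuristics.
SAMPLE_SANDBOX = {"physical_memory_bytes": 2 * GIB, "disk_total_bytes": 40 * GIB,
                  "disk_free_bytes": 2 * GIB, "cpu_count": 1, "screen_width": 800,
                  "screen_height": 600, "mouse_moved": False}

if __name__ == "__main__":
    for finding in audit_profile(SAMPLE_SANDBOX):
        print("sandbox fingerprint:", finding)
```

Running `audit_profile(collect_local_profile())` on the analysis VM itself reports the subset of heuristics the standard library can check; each finding is a property worth adjusting so the VM looks like a user's workstation.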
Simply setting up a task...