Anti-VM tricks
The aim of this trick is to exit the program when it detects that it is running in a virtualized environment. The most typical way to detect a VM is to check for artifacts that specific virtualization software installs on the machine. These artifacts may be located in the registry or in a running service. We have listed a few specific artifacts that can be used to identify that a program is running inside a VM.
VM running process names
The easiest way for a program to determine whether it is in a VM is by identifying known file names of running processes. Here's a list for each of the most popular pieces of VM software:
VirtualBox | VMware | QEMU | Parallels | VirtualPC |
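For an analyst triaging a sample, the process-name check described above can often be spotted statically, because the names it compares against must appear in the binary unless they are obfuscated. The following is an added example, not code from the original text: the process names are commonly documented guest-tool names (an assumption, not the page's own list), and `scan_for_vm_process_checks` and the sample bytes are constructed for illustration.

```python
import re
from collections import defaultdict

# Commonly documented guest-tool process names (assumption: not the page's list).
VM_PROCESS_NAMES = {
    "VirtualBox": ["vboxservice.exe", "vboxtray.exe"],
    "VMware": ["vmtoolsd.exe", "vmwaretray.exe", "vmwareuser.exe", "vmacthlp.exe"],
    "QEMU": ["qemu-ga.exe"],
    "Parallels": ["prl_cc.exe", "prl_tools.exe"],
    "VirtualPC": ["vmsrvc.exe", "vmusrvc.exe"],
}


def _pattern(name, wide):
    """Case-insensitive byte regex for a name stored as ASCII or UTF-16LE."""
    raw = name.encode("utf-16-le") if wide else name.encode("ascii")
    return re.compile(re.escape(raw), re.IGNORECASE)


def scan_for_vm_process_checks(data):
    """Return {vendor: [(name, encoding, offset), ...]} for each name found in data."""
    hits = defaultdict(list)
    for vendor, names in VM_PROCESS_NAMES.items():
        for name in names:
            # Windows binaries may store strings as ASCII or as wide (UTF-16LE) text.
            for wide in (False, True):
                encoding = "utf-16le" if wide else "ascii"
                for match in _pattern(name, wide).finditer(data):
                    hits[vendor].append((name, encoding, match.start()))
    return dict(hits)


# Constructed sample bytes standing in for a file under analysis.
SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 12
    + b"VBoxService.exe\x00"                           # ASCII, mixed case
    + "vmtoolsd.exe".encode("utf-16-le") + b"\x00\x00"  # wide string
    + b"explorer.exe\x00"                              # unrelated process name
)

if __name__ == "__main__":
    for vendor, found in scan_for_vm_process_checks(SAMPLE).items():
        for name, encoding, offset in found:
            print(f"{vendor}: {name} ({encoding}) at offset {offset:#x}")
```

A hit only shows that the name is embedded in the file; confirming that the sample actually compares it against running processes still requires looking at the code that references the string.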
Existence of VM files and directories
Finding at least one file that belongs to the VM software indicates that the program is running in a virtual machine. The following...