00:05:69
00:0C:29
00:1C:14
00:50:56
C:\\WINDOWS\\system32\\drivers\\vmmouse.sys
C:\\WINDOWS\\system32\\drivers\\vmhgfs.sys
(HKEY_LOCAL_MACHINE, "HARDWARE\\DEVICEMAP\\Scsi\\Scsi Port 0\\Scsi Bus 0\\Target Id 0\\Logical Unit Id 0", "Identifier", "VMWARE")
(HKEY_LOCAL_MACHINE, "HARDWARE\\DEVICEMAP\\Scsi\\Scsi Port 1\\Scsi Bus 0\\Target Id 0\\Logical Unit Id 0", "Identifier", "VMWARE")
(HKEY_LOCAL_MACHINE, "HARDWARE\\DEVICEMAP\\Scsi\\Scsi Port 2\\Scsi Bus 0\\Target Id 0\\Logical Unit Id 0", "Identifier", "VMWARE")
(HKEY_LOCAL_MACHINE, "SOFTWARE\\VMware, Inc.\\VMware Tools")
Mouse position: if ((position1.x == position2.x) && (position1.y == position2.y))
Generic User Names: VIRUS, SANDBOX, MALWARE, TEST
Sample Path: \\MALWARE, \\VIRUS, \\SAMPLE, \\SANDBOX, \\TEST
Drive: \\\\.\\PhysicalDrive0, C:\\
Sleep Patching:
// Timing check around Sleep(): samples the tick counter, requests a 500 ms
// sleep, then compares the elapsed ticks against a 450 ms threshold.
// Returns TRUE when no more than 450 ms appear to have elapsed, i.e. the
// sleep looks shortened or skipped; the "Sleep Patching" heading suggests
// this is the analysis-environment signal.
// NOTE(review): time1's declaration is not shown; presumably a DWORD to
// match GetTickCount() -- confirm.
// Defender note: a sandbox that accelerates Sleep() has to advance the tick
// counter by the skipped amount too, otherwise this comparison exposes it.
// A GetTickCount / Sleep / GetTickCount sequence followed by a threshold
// compare is a recognisable pattern during triage.
time1 = GetTickCount();
Sleep(500);
if ((GetTickCount() - time1) > 450 ) return FALSE;  // full delay observed
else return TRUE;                                   // delay was cut short
Number of Processors:
// Reads the processor count without an API call by following pointers
// reached through the FS segment. On 32-bit Windows the offsets used here
// correspond to TEB -> PEB -> NumberOfProcessors; the fragment is x86-only
// as written (GCC-style inline asm, AT&T operand order).
// Returns TRUE when fewer than two processors are reported.
// Defender note: no API such as GetSystemInfo is called, so API-level hooks
// neither observe nor alter this value. Giving the analysis guest at least
// two virtual CPUs makes the check return FALSE, and an fs:0x18 -> +0x30 ->
// +0x64 load chain is a useful static indicator.
__asm__ volatile (
"mov %%fs:0x18, %%eax;"          // eax = fs:[0x18], the TEB self-pointer
"mov %%ds:0x30(%%eax), %%eax;"   // eax = [TEB + 0x30], pointer to the PEB
"mov %%ds:0x64(%%eax), %%eax;"   // eax = [PEB + 0x64], NumberOfProcessors
: "=a"(NumberOfProcessors));     // output operand: result is taken from eax
return NumberOfProcessors < 2 ? TRUE : FALSE;
Memory Less than 1G:
// Physical-memory check: queries total physical RAM and returns TRUE when
// it is below 1 GiB (the "Memory Less than 1G" heading).
// Defender note: analysis guests sized at or above this threshold make the
// check return FALSE. A GlobalMemoryStatusEx call followed by a compare of
// ullTotalPhys against a fixed size is the pattern to look for.
MEMORYSTATUSEX statex;
statex.dwLength = sizeof (statex);   // the API requires dwLength to be set before the call
GlobalMemoryStatusEx(&statex);       // return value is not checked; on failure statex holds uninitialised data
return (statex.ullTotalPhys/1024) < 1048576 ? TRUE : FALSE;  // bytes / 1024 = KiB; 1048576 KiB = 1 GiB
(HKEY_LOCAL_MACHINE, "HARDWARE\\DEVICEMAP\\Scsi\\Scsi Port 0\\Scsi Bus 0\\Target Id 0\\Logical Unit Id 0", "Identifier", "QEMU")
(HKEY_LOCAL_MACHINE, "HARDWARE\\Description\\System", "SystemBiosVersion", "QEMU")
GetModuleHandle("sbiedll.dll")
("kernel32.dll", "wine_get_unix_file_name")
(HKEY_CURRENT_USER, "SOFTWARE\\Wine")
"vboxservice.exe" //Process
"vboxtray.exe" //Process
"VirtualBox Shared Folders" //Network Share
"VBoxTrayToolWndClass" //TrayWindow
"VBoxTrayToolWnd" //TrayWindow
"\x08\x00\x27" //MAC address prefix (08:00:27)
"\\\\.\\VBoxMiniRdrDN"
"\\\\.\\pipe\\VBoxMiniRdDN"
"\\\\.\\VBoxTrayIPC"
"\\\\.\\pipe\\VBoxTrayIPC"
"\\system32\\vboxdisp.dll"
"\\system32\\vboxhook.dll"
"\\system32\\vboxmrxnp.dll"
"\\system32\\vboxogl.dll"
"\\system32\\vboxoglarrayspu.dll"
"\\system32\\vboxoglcrutil.dll"
"\\system32\\vboxoglerrorspu.dll"
"\\system32\\vboxoglfeedbackspu.dll"
"\\system32\\vboxoglpackspu.dll"
"\\system32\\vboxoglpassthroughspu.dll"
"\\system32\\vboxservice.exe"
"\\system32\\vboxtray.exe"
"\\system32\\VBoxControl.exe"
"\\oracle\\virtualbox guest additions\\"
"\\system32\\drivers\\VBoxMouse.sys"
"\\system32\\drivers\\VBoxGuest.sys"
"\\system32\\drivers\\VBoxSF.sys"
"\\system32\\drivers\\VBoxVideo.sys"
(HKEY_LOCAL_MACHINE, "HARDWARE\\DEVICEMAP\\Scsi\\Scsi Port 0\\Scsi Bus 0\\Target Id 0\\Logical Unit Id 0", "Identifier", "VBOX")
(HKEY_LOCAL_MACHINE, "HARDWARE\\Description\\System", "SystemBiosVersion", "VBOX")
(HKEY_LOCAL_MACHINE, "SOFTWARE\\Oracle\\VirtualBox Guest Additions")
(HKEY_LOCAL_MACHINE, "HARDWARE\\Description\\System", "VideoBiosVersion", "VIRTUALBOX")
(HKEY_LOCAL_MACHINE, "HARDWARE\\ACPI\\DSDT\\VBOX__")
(HKEY_LOCAL_MACHINE, "HARDWARE\\ACPI\\FADT\\VBOX__")
(HKEY_LOCAL_MACHINE, "HARDWARE\\ACPI\\RSDT\\VBOX__")
(HKEY_LOCAL_MACHINE, "HARDWARE\\DESCRIPTION\\System", "SystemBiosDate", "06/23/99")
"SYSTEM\\ControlSet001\\Services\\VBoxGuest"
"SYSTEM\\ControlSet001\\Services\\VBoxMouse"
"SYSTEM\\ControlSet001\\Services\\VBoxService"
"SYSTEM\\ControlSet001\\Services\\VBoxSF"
"SYSTEM\\ControlSet001\\Services\\VBoxVideo"
Powered by Marco Ramilli