BareBox: Efficient Malware Analysis on Bare-Metal

Present-day malware analysis techniques use both virtualized and emulated environments to analyze malware. The reason is that such environments provide isolation and sys-tem restoring capabilities, which facilitate automated analysis of malware samples. However, there exists a class of malware, called VM-aware malware, which is capable of detecting such environments and then hide its malicious behavior to foil the analysis. Because of the artifacts introduced by virtualization or emulation layers, it has always been and will always be possible for malware to detect virtual environments.

Provided by: University Of California, San Diego (Calit2) Topic: Security Date Added: Dec 2011 Format: PDF

Find By Topic