AVLeak: Fingerprint Antivirus Emulators for Advanced Malware Evasion

by Alexei Bulazel
Sept. 14, 2017 1 comment www.blackhat.com belen_caty avleak

AVLeak is a tool for fingerprinting consumer antivirus emulators through automated black box testing. It extracts fingerprints from AV emulators that malware may use to detect that it is being analyzed and subsequently evade detection. These fingerprints include environmental artifacts, OS API behavioral inconsistencies, emulation of network connectivity, timing inconsistencies, process introspection, and CPU emulator "red pills."


Steven Ulm 9 months ago

Malware gets smarter and smarter with each day, from what I see... Fingerprint Antivirus Emulators - this is crazy :)