AVLeak: Fingerprint Antivirus Emulators for Advanced Malware Evasion

by Alexei Bulazel Sept. 14, 2017 via www.blackhat.com submitted by belen_caty

AVLeak is a tool for fingerprinting consumer antivirus emulators through automated black box testing. It extracts fingerprints from AV emulators that malware may use to detect that it is being analyzed and subsequently evade detection. These fingerprints include environmental artifacts, OS API behavioral inconsistencies, emulation of network connectivity, timing inconsistencies, process introspection, and CPU emulator "red pills."

https://www.blackhat.com/us-16/briefings.html#avleak-fingerprinting-antivirus-emulators-for-advan...

Steven Ulm 1 month ago

Malware gets smarter and smarter with each day, from what I see... Fingerprint Antivirus Emulators - this is crazy :)
