Malware
47

malware sandbox evasion in x64 assembly by checking ram size with technique trick






  23-Aug-2022 16:00:53



What to expect

In this blog post I'll be making a code snippet that showcases how to get the size of a computer's RAM in C. I will then convert this code into x64 assembly, mostly for me to practice writing in it, but also so that we can understand it better.

Checking the memory

The idea behind this evasion technique is simple. Most modern user machines will have at least around 4GB of RAM. Anything lower than that can be an indication that the machine is probably a sandbox (To save costs). While it's not exactly fool-proof, it can be used with other techniques to have a better idea of the machine.


There are two available APIs to get the memory size of a computer on Windows: GetPhysicallyInstalledSystemMemory and GlobalMemoryStatusEx. The former lists the physically installed RAM from the BIOS, while the latter lists the amount available for the operating system to use. Note that the values returned from these two functions will be different but from my tests the difference is only a few hundreds of bytes. Any of these two we can use for our purpose.


Using GetPhysicallyInstalledSystemMemory

Calling GetPhysicallyInstalledSystemMemory in C is simple: 

#include <stdio.h>
#include <windows.h>

int main(void)
{
    unsigned long long memory_size = 0;
    GetPhysicallyInstalledSystemMemory(&memory_size);
    printf("Memory size: %lld\n", memory_size);
}

Read more on article : https://www.accidentalrebel.com/malware-sandbox-evasion-in-x64-assembly-by-checking-ram-size-part-1.html 

Malware Evasion Techniques 

- https://unprotect.it/ 

https://unprotect.it/map/  

https://unprotect.it/technique/api-obfuscation/ 
 


DISCUSSION
Nothing comment here :(
Login for comment and discussion.
Login Here
Sponsored

Oppss... No sponsors yet

Popular Posts
Complete Basic Course in Kali...
Djie sam soe Djie sam soe
Linux
10378
2
Top

Gps Tracker Seccodeid Free Too...
Djie sam soe Djie sam soe
General
7257
167
Top

Free Proxy List
Sandidi Sandidi
Networking
3071
3
Top

Mass Reverse IP Unlimited
ImamWawe ImamWawe
Tools Hacking
2376
12
Top

Report McAfee Antivirus Hurrri...
Indrasp Indrasp
Windows
1708
93
Top

Related Post

Youtube Video

Subscribe