malware sandbox evasion in x64 assembly by checking ram size with technique trick

23-Aug-2022 16:00:53
What to expect

In this blog post I'll be writing a code snippet that shows how to get the size of a computer's RAM in C. I will then convert this code into x64 assembly, mostly to practice writing it, but also so that we can understand it better.

Checking the memory

The idea behind this evasion technique is simple. Most modern user machines will have at least around 4GB of RAM. Anything lower than that can be an indication that the machine is probably a sandbox (to save costs). While it's not exactly foolproof, it can be combined with other techniques to get a better idea of the machine.

There are two available APIs to get the memory size of a computer on Windows: GetPhysicallyInstalledSystemMemory and GlobalMemoryStatusEx. The former reports the physically installed RAM from the BIOS, while the latter reports the amount available for the operating system to use. Note that the values returned from these two functions will be different, but from my tests the difference is only a few hundred bytes. Either of the two can be used for our purpose.


Using GetPhysicallyInstalledSystemMemory

Calling GetPhysicallyInstalledSystemMemory in C is simple: 

#include <stdio.h>
#include <windows.h>

int main(void)
{
    /* GetPhysicallyInstalledSystemMemory reports the size in kilobytes */
    unsigned long long memory_size = 0;
    if (!GetPhysicallyInstalledSystemMemory(&memory_size))
    {
        printf("GetPhysicallyInstalledSystemMemory failed: %lu\n", GetLastError());
        return 1;
    }
    printf("Memory size: %llu KB\n", memory_size);
    return 0;
}
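As an added example (not part of the original post), here is the sandbox-operator side of the same check in PowerShell: it reads the firmware-reported and OS-visible memory of a Windows VM, the same two figures the two APIs above expose, and warns when the VM would trip the 4GB rule of thumb. The threshold value and variable names are my assumptions.

```powershell
# Added sandbox-side check (not from the original post): report the memory a
# Windows VM exposes and flag it if it falls below the ~4 GB that the
# RAM-size trick treats as the minimum for a real user machine.
$ThresholdGB = 4   # assumption: threshold taken from the post's rule of thumb

# Installed RAM as reported by the firmware (bytes), summed over all modules.
# Some hypervisors expose no Win32_PhysicalMemory instances, so fall back to
# the computer-wide total in that case.
$installedBytes = (Get-CimInstance -ClassName Win32_PhysicalMemory |
    Measure-Object -Property Capacity -Sum).Sum
if (-not $installedBytes) {
    $installedBytes = (Get-CimInstance -ClassName Win32_ComputerSystem).TotalPhysicalMemory
}

# RAM the OS can actually use (TotalVisibleMemorySize is in kilobytes)
$os = Get-CimInstance -ClassName Win32_OperatingSystem
$visibleBytes = [uint64]$os.TotalVisibleMemorySize * 1KB

$installedGB = [math]::Round($installedBytes / 1GB, 2)
$visibleGB   = [math]::Round($visibleBytes / 1GB, 2)

"Installed (firmware): {0} GB" -f $installedGB
"Visible to OS:        {0} GB" -f $visibleGB
"Difference:           {0} KB" -f (($installedBytes - $visibleBytes) / 1KB)

if ($visibleGB -lt $ThresholdGB) {
    $msg = "Only {0} GB visible to the OS; a sample using the RAM-size check would treat this machine as a sandbox. Raise the VM memory to at least {1} GB." -f $visibleGB, $ThresholdGB
    Write-Warning $msg
} else {
    "OK: memory is at or above {0} GB; the RAM-size check alone would not flag this VM." -f $ThresholdGB
}
```

Run it inside the analysis VM itself; the difference line shows the gap between the two figures the post compares.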

Read more in the original article: https://www.accidentalrebel.com/malware-sandbox-evasion-in-x64-assembly-by-checking-ram-size-part-1.html

Malware Evasion Techniques

- https://unprotect.it/
- https://unprotect.it/map/
- https://unprotect.it/technique/api-obfuscation/

*Beware when clicking the links!

