Advanced File Analysis System

Malware Analysis System Evasion

Detects Sandboxie through the presence of a library Show sources

file_query

sbiedll

Hooking and other Techniques for Hiding Protection

Creates RWX memory Show sources

injection_rwx_memory

0x00000040, NtAllocateVirtualMemory or VirtualProtectEx

Executed a process and injected code into it, probably while unpacking Show sources

code_injection

1c8fa769548b32928a92c0a5adb487fb045f21e1.exe(2352) -> 1c8fa769548b32928a92c0a5adb487fb045f21e1.exe(2460)

HIPS/ PFW/ Operating System Protection Evasion

Detects Avast Antivirus through the presence of a library Show sources

file_query

snxhk