Q:
3. What happens when each anti-VM technique succeeds?
Q:
4. Which of these anti-VM techniques work against your virtual machine?
Q:
5. Why does each anti-VM technique work or fail?
Q:
6. How could you disable these anti-VM techniques and get the malware to run?
Analyze the malware found in the file Lab17-02.dll inside VMware. After answering the first question in this lab, try to run the installation exports using rundll32.exe and monitor them with a tool like procmon. The following is an example command line for executing the DLL:
rundll32.exe Lab17-02.dll,InstallRT (or substitute InstallSA or InstallSB for InstallRT)
Analyze the malware Lab17-03.exe inside VMware. This lab is similar to Lab12-02.exe, with added anti-VMware techniques.