 #23725  by EP_X0FF
 Fri Aug 29, 2014 9:49 am
I have no idea why it detects your VM.

You can try dumping the whole physical memory of the VM and then look inside for specific strings. If everything is patched well there will be no strings. You are referring to the 4.3.12 patch; it has two general flaws: PXE boot data (even if no vbox tools are installed for this machine, if the vbox extensions pack is installed in vbox itself it will replace the default PXE boot ROM with the PXE boot ROM from the extensions pack) and hardware IDs of PCI bus devices. However, I don't think malware authors are way too smart to check this.
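
The memory-dump check suggested in the post above, as an added example that is not part of the original post: it scans a raw physical memory dump of the analysis VM for leftover VirtualBox strings in both ASCII and UTF-16LE and reports their offsets. The marker list and the function names are assumptions; the post does not say which strings to look for.

```python
import sys

# Assumed marker list (not from the post): strings commonly left by VirtualBox,
# including its PCI vendor ID 80EE as it appears in Windows hardware IDs.
MARKERS = ["VBOX", "VirtualBox", "innotek", "VEN_80EE"]

def build_patterns(markers):
    """Return (label, lowercase bytes) pairs for ASCII and UTF-16LE forms."""
    pats = []
    for m in markers:
        pats.append((f"{m} [ascii]", m.lower().encode("ascii")))
        pats.append((f"{m} [utf16le]", m.lower().encode("utf-16-le")))
    return pats

def scan_dump(stream, markers=MARKERS, chunk_size=1 << 20):
    """Case-insensitive scan of a binary stream; returns {label: [offsets]}."""
    pats = build_patterns(markers)
    overlap = max(len(p) for _, p in pats) - 1  # catches hits split across chunks
    hits, tail, base = {}, b"", 0               # base = file offset of buf[0]
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        buf = tail + chunk.lower()              # bytes.lower() only touches A-Z
        for label, pat in pats:
            pos = buf.find(pat)
            while pos != -1:
                # Hits lying entirely inside the carried-over tail were
                # already reported on the previous pass; skip them.
                if pos + len(pat) > len(tail):
                    hits.setdefault(label, []).append(base + pos)
                pos = buf.find(pat, pos + 1)
        new_tail = buf[-overlap:]
        base += len(buf) - len(new_tail)
        tail = new_tail
    return hits

if __name__ == "__main__":
    # Usage: python scan_dump.py <raw-memory-dump>
    with open(sys.argv[1], "rb") as fh:
        found = scan_dump(fh)
    for label, offsets in sorted(found.items()):
        shown = ", ".join(hex(o) for o in offsets[:5])
        print(f"{label}: {len(offsets)} hit(s), first at {shown}")
    if not found:
        print("no markers found")
```

An empty result only means none of the listed markers are present; the PXE boot ROM and PCI hardware ID leftovers mentioned in the post may need markers of their own.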