A forum for reverse engineering, OS internals and malware analysis 

Ask your beginner questions here.
 #2813  by kiskav
 Mon Sep 20, 2010 6:27 pm
Hi All,

I have VMware Version - 7.1.1 build-282343

In it, many installers aren't getting installed. I get a Send/Don't Send window and the Dr. Watson process terminates the installer process. I suppose the malware is detecting that it's being tested in a VM.

Here is the picture of what happens to the installer before it's killed.

Image
Note: enable this setting in vmx configuration file to bypass VMware identification (VMX backdoor) by some lazy malware.

monitor_control.restrict_backdoor = "TRUE"
I have added the above script suggested by Ep_Xoff, but still no go. Any other suggestions would be appreciated.

The sample I am trying to install is attached below.
Attachments
pwd: malware
 #3207  by driverobject
 Sun Oct 24, 2010 3:44 pm
If Dr. Watson is catching the crash, it means it is the installed debugger. Based on that, you should have a dump file generated at the address below:
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp
Attach this user.dmp and I can try and understand why it fails to install.