Sandbox Feeling

Sandbox evasion techniques are increasingly being used by malware writers. From the victim's side, these malware features can be turned to good use: by imitating a few sandbox characteristics you can fool the malware into thinking it is running in a sandbox, and to avoid detection it will simply quit or stay dormant.

While there are many things you could do, I've quickly put together a few lines of code that are reasonably safe to use without breaking other things in your Windows installation. (And guess what, there's no guarantee, so take a backup first!)

Unzip the file and run install.bat with administrator privileges.
The modifications are as follows:

  • Create some fake processes that run at startup (procdump.exe, sandboxie.exe, VBoxService.exe, wireshark.exe).
  • Create fake driver files under the windows\system32\drivers directory.
  • Create a VirtualBox Guest Additions directory.

Check source code for more information and make your customizations.
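As an added illustration of the three modifications above (this is my own example script, not the install.bat shipped in the zip), the PowerShell below plants the same kinds of decoys. It assumes an elevated shell; the driver file names are real VirtualBox Guest Additions names chosen by me, and each decoy "process" is a renamed copy of waitfor.exe, which just blocks waiting for a signal that is never sent.

```powershell
# Added example, not the SandBoxFeeling install.bat: plant decoy VM and
# analysis-tool artefacts so sandbox-aware malware concludes it is being
# analysed and stays dormant. Run from an elevated PowerShell.
# Assumptions (mine, not the tool's): driver names are real VirtualBox Guest
# Additions names; decoy processes are renamed copies of waitfor.exe.

$DriverDir    = Join-Path $env:SystemRoot 'System32\drivers'
$GuestAddDir  = Join-Path $env:ProgramFiles 'Oracle\VirtualBox Guest Additions'
$DecoyDir     = Join-Path $env:ProgramData 'SandboxDecoys'
$RunKey       = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
$DecoyDrivers = 'VBoxMouse.sys', 'VBoxGuest.sys', 'VBoxSF.sys'
$DecoyProcs   = 'procdump.exe', 'sandboxie.exe', 'VBoxService.exe', 'wireshark.exe'

function New-DecoyFile([string]$Path) {
    if (Test-Path $Path) { Write-Host "exists : $Path"; return }
    # Random content rather than an empty file: a zero-byte file fails the
    # size checks some samples apply to "driver" files.
    $bytes = New-Object byte[] 4096
    [System.Random]::new().NextBytes($bytes)
    [System.IO.File]::WriteAllBytes($Path, $bytes)
    Write-Host "created: $Path"
}

# 1. Fake VirtualBox driver files in System32\drivers
foreach ($drv in $DecoyDrivers) { New-DecoyFile (Join-Path $DriverDir $drv) }

# 2. Guest Additions directory (directory-existence checks only need the path)
New-Item -ItemType Directory -Force -Path $GuestAddDir | Out-Null
Write-Host "ensured: $GuestAddDir"

# 3. Decoy tool processes, launched at logon via the HKLM Run key.
#    waitfor.exe <signal> blocks until that signal is sent, and nothing sends it.
New-Item -ItemType Directory -Force -Path $DecoyDir | Out-Null
$waitFor = Join-Path $env:SystemRoot 'System32\waitfor.exe'
foreach ($proc in $DecoyProcs) {
    $exe = Join-Path $DecoyDir $proc
    if (-not (Test-Path $exe)) { Copy-Item $waitFor $exe }
    $cmd = "`"$exe`" SandboxDecoy_$($proc -replace '\.exe$', '')"
    Set-ItemProperty -Path $RunKey -Name "Decoy_$proc" -Value $cmd
    Write-Host "startup: $cmd"
}

# Self-check: report any decoy that is not actually on disk
$missing = @($DecoyDrivers | Where-Object { -not (Test-Path (Join-Path $DriverDir $_)) })
if (-not (Test-Path $GuestAddDir)) { $missing += 'GuestAdditions' }
if ($missing) { Write-Warning "not created: $($missing -join ', ')" } else { Write-Host 'all decoys in place' }
```

Two caveats: each decoy is a console program, so it opens a window at logon unless you wrap the Run entry in a hidden launcher, and a renamed copy of a Windows binary is exactly what EDR rules for masquerading look for, so expect to whitelist the decoy directory in your own tooling.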

Download: SandBoxFeeling-v0.2b.zip