How Malware Evades Sandbox Analysis

Malware authors use 3 categories of techniques to conceal the real behavior of malicious files and evade analysis.

Learn More

How VMRay Analyzer Works

See how our agentless hypervisor-based monitoring approach analyzes and detects threats that other approaches can’t.

More videos


Jaff Ransomware Hiding in a PDF document

The challenge for a malware author today has more to do with creativity than a deep technical understanding. There are plenty of good trojan building tools out there to make the job easier. But once the author has a finished creation, the big challenge is how to get the finished product to the victims. Embedding […]

Read More “Jaff Ransomware Hiding in a PDF document”

Wanna Decryptor Worm Spreads Over MS17-010 Vulnerability

About one month ago, the Shadow Brokers hacker group published a set of NSA hacking tools, that included zero-day exploits. One of these exploits is known as the ETERNALBLUE Server Message Block Protocol (SMB) vulnerability (MS17-010). It was only a matter of time before the inevitable happened. A malware author used this vulnerability to spread ransomware […]

Read More “Wanna Decryptor Worm Spreads Over MS17-010 Vulnerability”

Anti-Sandboxing Techniques in Cerber Ransomware Can’t Detect VMRay Analyzer

A new variant of Cerber ransomware is in the wild and has built-in anti-sandbox tools to detect hooking-based sandbox environments, as explained in this article by Cyphort. The limitations of a hooking-based approach, where a driver is injected into the target environment and ‘hooks’ API calls,  allow the malware to easily detect the analysis environment. This […]

Read More “Anti-Sandboxing Techniques in Cerber Ransomware Can’t Detect VMRay Analyzer”

See all posts