Deciphering GuLoader and XMRig:
Unmasking evasion tactics

Follow a step-by-step walkthrough to see what you can get through advanced malware analysis on VMRay.

In this chapter, we will dive into two practical examples that demonstrate how the VMRay platform effectively detects evasion techniques employed by malware. 

These real-world demonstrations illustrate VMRay’s superior capabilities in identifying and analyzing sophisticated and evasive threats.

Evasion techniques of GuLoader malware

The first example centers around GuLoader malware, a loader known for its adeptness at bypassing security controls and delivering malicious payloads. GuLoader employs various anti-analysis techniques, such as unaligned system calls and checks for the presence of debuggers or virtualized environments, to evade traditional security measures. 

The video will provide a glimpse into the analysis report, showcasing VMRay’s ability to uncover and counter these evasion tactics. Join us as we uncover how VMRay’s advanced sandboxing technology triumphs over GuLoader’s evasion attempts.

Evasion techniques of XMRig

In the following demonstration, we’ll delve into the intricate world of XMRig, a multifaceted malware that operates both as a cryptocurrency miner and a stealer. XMRig exhibits a wide array of evasion techniques, making it a challenging adversary for traditional security systems. 

From manipulating system time to elongate its dormancy period to outsmarting attempts to detect debuggers, antivirus software, or virtualized environments, XMRig employs a comprehensive arsenal of tactics to evade scrutiny. Our analysis will unveil the intricacies of this malware, shedding light on VMRay’s exceptional capability to dissect and counter its evasion strategies. Witness how VMRay’s advanced sandbox technology deciphers the complexities of XMRig and exposes its hidden behaviors, providing invaluable insights into its malicious activities.

In the comprehensive exploration of XMRig, we will uncover not only its efforts to avoid detection through anti-analysis and persistence mechanisms but also its relentless quest to identify the presence of various security and sandboxing tools. As we examine these multifaceted evasion techniques, you’ll gain a deeper understanding of the sophistication that modern malware employs to evade detection.

See VMRay in action.
Detect and analyze even the most evasive malware and phishing threats.

Further resources


Single source of truth for effective security automation


Checkmate: How sandbox evasion can stall automation

Watch our webinar from at SANS EDR / XDR Solutions Forum


The most advanced malware and phishing sandbox

Welcome to the playground.

Explore what you can do with VMRay.

Click on the yellow dots to check the report formats, see the overview, explore the network connections of the sample, malicious behavior, and relevant files, map the threat on MITRE ATT&CK Framework, analyze and download IOCs and artifacts.

The analysis report tabs are available both for VMRayDeepResponse and VMRayTotalInsight. The bundle of VMRay FinalVerdict and VMRayDeepResponse also offers access to the analysis report tabs.

We’re sorry. 

The interactive tour is not available on mobile devices.

Unveiling the power:
See our experts showcasing VMRay’s capabilities.

Analysis of a malicious file

Join Fatih Akar from the VMRay team as he provides a detailed walkthrough of a malicious LNK file, a prevalent attack vector since Microsoft’s Office macros block.

Gain valuable insights into each tab of our comprehensive analysis report and get a sneak peek into what you’ll be exploring.

Analysis of a malicious URL

Join Andrey Voitenko, an expert in advanced malware and phishing analysis from the VMRay team, as he demonstrates how to submit emails and URLs to the VMRay platform using built-in connectors.

Discover the capabilities of our new Automation Dashboard, enabling one-click automation with your existing EDR, SOAR, SIEM, and TIP tools. Monitor analysis data seamlessly from your VMRay dashboard and unlock new levels of efficiency in your security operations.

Integrating with existing tools

Watch Michael Bourton showcasing the seamless integration of VMRay platform with your existing security stacks.

Discover how effortlessly you can leverage unparalleled detection and analysis capabilities by utilizing dedicated connectors or our Rest API.

Experience VMRay in Action:
Explore Real-world Malware Analysis Reports

Get a firsthand look at the power and capabilities of the VMRay platform by delving into our sample malware and phishing analysis reports.

Immerse yourself in a range of report formats, providing comprehensive insights.

Dive into the overview, explore intricate network connections, analyze malicious behavior in detail, and map threats using the MITRE ATT&CK Framework. See the possibilities to download clear IOCs.

Uncover the capabilities that await you.

Calculate how much malware false positives are costing your organization:
Malware False Positive Cost Calculator