Registry-virtualization-detection

From aldeid

VMware registry keys

Here is an example of malware that detects the presence of VMware through its registry keys (VMware Tools installed). As a consequence, the malware removes itself and stops executing.

Malware-detecting-vmwaretools.png

In the above example, removing the HKLM\SOFTWARE\VMware, Inc registry key bypasses the protection:

Remove-vmware-registry-key.png
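For analysts reviewing sandbox output, the behaviour described above (a registry probe for the VMware key, followed by self-removal and exit) can be flagged automatically. The following is an added example, not part of the original page: the `seq|api|argument|status` trace format, the function names and both sample traces are constructed for illustration.

```python
# Added example: triage a sandbox API trace for the registry-based VMware check.
# The "seq|api|argument|status" format and both traces below are constructed.
WATCHED_PREFIX = r"hklm\software\vmware, inc"   # key named on this page
REG_OPEN_APIS = {"RegOpenKeyExA", "RegOpenKeyExW"}
TEARDOWN_APIS = {"DeleteFileA", "DeleteFileW", "ExitProcess", "TerminateProcess"}
ERROR_SUCCESS = 0                               # key exists and was opened

def normalise(path):
    """Registry paths are case-insensitive; fold the long hive name to HKLM."""
    p = path.strip().strip('"').lower().replace("/", "\\")
    if p.startswith("hkey_local_machine\\"):
        p = "hklm\\" + p[len("hkey_local_machine\\"):]
    return p.rstrip("\\")

def triage(trace):
    """Report VMware registry probes and any teardown calls that followed a hit."""
    probes, teardown, hit_seen = [], [], False
    for line in trace.strip().splitlines():
        seq, api, arg, status = (f.strip() for f in line.split("|"))
        if api in REG_OPEN_APIS and normalise(arg).startswith(WATCHED_PREFIX):
            found = int(status) == ERROR_SUCCESS
            probes.append((int(seq), normalise(arg), found))
            hit_seen = hit_seen or found
        elif api in TEARDOWN_APIS and hit_seen:
            teardown.append((int(seq), api))
    if not probes:
        verdict = "no-vmware-registry-probe"
    elif hit_seen and teardown:
        verdict = "vm-detected-sample-aborted"
    elif hit_seen:
        verdict = "vm-key-found-no-teardown"
    else:
        verdict = "probe-failed-sample-continued"
    return {"verdict": verdict, "probes": probes, "teardown": teardown}

# Constructed trace: VMware Tools installed, sample deletes itself and exits.
TRACE_WITH_TOOLS = r"""
1|RegOpenKeyExA|HKEY_LOCAL_MACHINE\SOFTWARE\VMware, Inc.\VMware Tools|0
2|DeleteFileA|C:\Users\analyst\sample.exe|0
3|ExitProcess|0|0
"""
# Constructed trace: key removed from the analysis VM, open fails with status 2.
TRACE_KEY_REMOVED = r"""
1|RegOpenKeyExA|HKEY_LOCAL_MACHINE\SOFTWARE\VMware, Inc.\VMware Tools|2
2|CreateFileA|C:\Users\analyst\AppData\Local\Temp\out.dat|0
"""

if __name__ == "__main__":
    for name, t in (("with tools", TRACE_WITH_TOOLS), ("key removed", TRACE_KEY_REMOVED)):
        print(name, triage(t))
```

A verdict of `vm-detected-sample-aborted` tells the analyst the run produced no useful behaviour and should be repeated in a guest where the key is absent.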