ayoubfaouzi / al-khaser

Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection.
GNU General Public License v2.0
5.94k stars 1.18k forks

Checking the virtual machine through the number of SMBIOS tables #267

CyberGreg05 closed 9 months ago

CyberGreg05 commented 9 months ago

Hello. By the number of SMBIOS tables you can detect a VM. For example, VirtualBox and QEMU have only 10 SMBIOS tables. On a real table machine there will be at least 100 SMBIOS tables.
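
The structure count this issue refers to, as an added example that is not part of the original post or of al-khaser's code: a parser that walks a raw SMBIOS structure table and counts its entries, so a sandbox maintainer can see what number an analysis guest exposes to this check. The function name, the sample bytes and the way the table bytes are obtained are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Count structures in a raw SMBIOS structure table. Each structure is a
 * formatted area (byte 0 = type, byte 1 = length of that area, bytes 2-3 =
 * handle) followed by a string-set that ends with two NUL bytes.
 * Returns -1 if the buffer is truncated or malformed.
 * Assumption: the caller has already obtained the table bytes, e.g. from
 * /sys/firmware/dmi/tables/DMI on Linux, or from GetSystemFirmwareTable
 * ('RSMB') on Windows after skipping the 8-byte RawSMBIOSData header. */
int smbios_count_structures(const uint8_t *tbl, size_t size)
{
    size_t off = 0;
    int count = 0;

    while (off + 4 <= size) {
        uint8_t type = tbl[off];
        uint8_t len = tbl[off + 1];
        if (len < 4 || off + len > size)
            return -1;              /* formatted area runs past the buffer */

        size_t p = off + len;       /* first byte of the string-set */
        while (p + 1 < size && (tbl[p] != 0 || tbl[p + 1] != 0))
            p++;
        if (p + 1 >= size)
            return -1;              /* no double-NUL terminator found */

        count++;
        off = p + 2;                /* next structure starts after the NULs */
        if (type == 127)            /* type 127 = End-of-Table */
            break;
    }
    return count;
}

/* Constructed sample table (not from a real machine): three structures. */
static const uint8_t SAMPLE[] = {
    0, 5, 0x00, 0x00, 1, 'V', 'e', 'n', 'd', 'o', 'r', 0, 0, /* type 0 + 1 string */
    1, 4, 0x01, 0x00, 0, 0,                                  /* type 1, no strings */
    127, 4, 0x02, 0x00, 0, 0                                 /* end-of-table */
};

int main(void)
{
    printf("structures: %d\n", smbios_count_structures(SAMPLE, sizeof SAMPLE));
    return 0;
}
```

Running the same count on a hardened analysis guest and on a physical reference host shows whether the guest would stand out under the comparison described in the issue.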

ayoubfaouzi commented 9 months ago

LGTM, great addition, thank you!