You can add Active Rootkit Detector and gethiddenfiles from http://www.expertsec.com/download.html
Very interesting idea :), but fortunately I have seen some emulators (some used by AV companies) that can handle this trick ;-)
You are right :) ... if you are referring to an old generation of emulators :P . But new ones are being developed to be more closely related...
My point is that an emulator is different than a Virtual Machine and is harder to detect. By the way, speed profiling is good for old...
Because it's much slower, some AV companies have implemented only a partial emulator and others are thinking/trying to implement Dynamic Translation.
For example you can use the SIDT (Store Interrupt Descriptor Table Register) to see if you are running inside a virtual machine. A good emulator...
Emulation is much more than that. You can use an emulator for unpacking or to decrypt some code, it can help in signature detection or in...
I have tested both on a set of infected samples and on a set of clean files. The result is that Avira has too many false alarms. On the...