A nontrivial portion of today's malware apparently includes code that detects the presence of virtual machines and changes behavior accordingly. Thus, it would seem that a good way to spot malware would be to detect virtual machine detection code via signature. Does anybody know of any software that detects the presence of virtual machine detection code? Preferably this signature detection would take place in code that is already active, after any packers, encrypters, etc have finished their task. I know of one thus far - SysAnalyzer (http://labs.idefense.com/software/malcode.php). Does anybody know of any other such software?