Time accelerated checks
Overview
"Time accelerated checks" refers to a sandbox-evasion technique in which malware detects that it is being executed in a virtual environment, such as an antivirus sandbox, by analyzing the time interval between certain system events.
In a typical sandbox environment, the execution of the malware program is isolated from the host system, which means that some system events may take longer to occur than they would on a real system. By analyzing the time interval between specific events, the malware can detect if it is running in a sandbox and evade detection.
For example, a malware program may use a timer to measure the time interval between two specific system events, such as the creation of a file and its subsequent modification. If the time interval is shorter than a certain threshold, the malware assumes that it is running in a sandbox environment and terminates its malicious behavior to avoid detection.
Code example
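The pattern described in the overview, seen from the analyst's side (an added example, not code from the original page): it scans a sandbox API-call trace for a clock read, a delay or file event, a second clock read, and an exit shortly afterwards. The trace format, the API sets, and the EXIT_WINDOW value are assumptions, and the trace rows are constructed.

```python
# Added example: flag "clock read -> delay/file event -> clock read -> early exit"
# in a sandbox API trace. The trace layout and thresholds are assumptions.
CLOCK_APIS = {"GetTickCount", "GetTickCount64", "QueryPerformanceCounter",
              "GetSystemTimeAsFileTime", "NtQuerySystemTime"}
BRACKETED_APIS = {"Sleep", "NtDelayExecution", "CreateFileW", "WriteFile"}
EXIT_APIS = {"ExitProcess", "NtTerminateProcess"}
EXIT_WINDOW = 3  # assumed: max calls between the 2nd clock read and the exit

# (host_time_ms, pid, api) -- constructed rows, not real telemetry
SAMPLE_TRACE = [
    (1000, 4120, "GetTickCount64"),
    (1002, 4120, "CreateFileW"),
    (1003, 4120, "WriteFile"),
    (1004, 4120, "GetTickCount64"),
    (1005, 4120, "ExitProcess"),
    (1000, 5008, "GetSystemTimeAsFileTime"),
    (1001, 5008, "CreateFileW"),
    (1450, 5008, "WriteFile"),
    (1451, 5008, "RegOpenKeyExW"),
    (1460, 5008, "CloseHandle"),
]

def find_timing_probes(trace, exit_window=EXIT_WINDOW):
    """Return one finding per process whose trace matches the probe pattern."""
    by_pid = {}
    for ts, pid, api in sorted(trace):
        by_pid.setdefault(pid, []).append((ts, api))
    findings = []
    for pid, calls in by_pid.items():
        first_clock = None   # index of the opening clock read
        bracketed = []       # delay/file events seen since that read
        for i, (ts, api) in enumerate(calls):
            if api in CLOCK_APIS and first_clock is not None and bracketed:
                # Second clock read closes the measurement; look for a quick exit.
                tail = [a for _, a in calls[i + 1:i + 1 + exit_window]]
                if any(a in EXIT_APIS for a in tail):
                    findings.append({"pid": pid, "bracketed": bracketed,
                                     "host_elapsed_ms": ts - calls[first_clock][0]})
                    break
                first_clock, bracketed = i, []   # no exit: restart from this read
            elif api in CLOCK_APIS:
                first_clock, bracketed = i, []
            elif first_clock is not None and api in BRACKETED_APIS:
                bracketed.append(api)
    return findings
```

A finding is a triage lead rather than a verdict, since benign software also times its own I/O; the host-side elapsed time in each finding lets the analyst see what interval the sample would have measured.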