
System and method for preventing malware evasion


Abstract

A computerized method that assists in preventing malware from evading detection through analysis of the virtual hardware components operating within a malware detection system is described. First, a virtual machine (VM) is provisioned in accordance with a guest image, which includes a guest operating system and one or more virtual hardware components. The virtual hardware component includes an identifier, and the guest operating system includes a software driver that controls access to the virtual hardware component and features the identifier of the virtual hardware component. Responsive to processing an object within the VM and issuance of a request for an identifier of a hardware component, the identifier of the first virtualized hardware component (virtualization of the hardware component) is received. The first identifier of the first virtual hardware component is an identifier substituted for a prior identifier of the first virtual hardware component before creation of the guest image.

Bibliographic details

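  • Publication number: US10747872B1

    Patent type:

  • Publication date: 2020-08-18

    Original format: PDF

  • Applicant/Patentee: FIREEYE INC.

    Application number: US201715717547

  • Inventors: PHUNG-TE HA; MIN LI

    Filing date: 2017-09-27

  • Classification: G06F9/455; G06F21/53; G06F9/4401; G06F21/54; H04L29/06; G06F13/42

  • Country: US

  • Database entry time: 2022-08-21 11:31:09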
