1

To analyze malware files we are using a virtual machine and VirtualBox, but some malware detects the environment and will not do its work properly.

I want to know how to test malware files without using a virtual environment.

Can I use my host system for testing malware files? If I use the host machine for malware testing, how do I recover it after infection? Is it possible or not? Otherwise, give me some idea of how I can do this.

Thanks in advance.

2 Answers

3

I want to know how to test malware files without using a virtual environment.

Check out the answers in the following, similar, question:
Analysing malware in a real environment (non-virtual environment)

TL;DR: Check out Faronics Deep Freeze, for example.
I recommend reading the answers as a whole.

In addition, read the answers to the following question on Security.SE:
Can i get 100% protection from virus by using Deep Freeze?


Can I use my host system for testing malware files?

This is strongly discouraged, unless this is a physical machine dedicated to running malware samples and you have the means to restore the original state of the machine.


some malware detects the environment and will not do its work properly.

Read about anti-anti evasion techniques and how to harden your virtual machine against VM-aware malware samples; there are tons of articles online.

For example:
Making Virtualbox nearly undetectable
Hardening Cuckoo Sandbox against VM aware malware

0
1

Use KVM. Most of the time, malware will try to detect VMware- and VirtualBox-based artifacts.
