Two days ago we came across an interesting sample (MD5: 9437eabf2fe5d32101e3fbf9f6027880, source: ThreatWave). The sample was unknown at the time and also did not look interesting from a dynamic behavior analysis perspective. However, there were some tiny outliers which caught our attention:
We first ran the sample on a virtual machine. The overall score was suspicious, but some of the behavior signatures (Joe Sandbox's Behavior Signature set currently includes over 850 signatures) detected several anti-VM, anti-sandbox and anti-debugging tricks.
More here: http://joe4security.blogspot.ch/2015/07/hacking-team-inspired-anti-vm-trick.html