Bypassing Virtualization and Sandbox Technologies
ID: 75f9aba1-2b4c-5e9b-a796-7866fcbce3aa
STIX ID: report--75f9aba1-2b4c-5e9b-a796-7866fcbce3aa
Feed Name: TrustedSec blog
This report explains a sandbox-evasion technique that checks the number of CPU cores, which is commonly 1 in many sandbox/VM analysis environments, to decide whether to run a malicious payload. It cites use of the technique by the Dyreza banking Trojan and notes its inclusion in SET. The report argues that the method is simple, works across languages (including PowerShell and Python), and reduces detection by common sandboxing products.
