drop PE binaries or shellcode · detect malware that only executes in specific environments · domain checks · username checks · hostname checks · sleep-based evasion · VM detection strings · anti-analysis patterns · runs locally
drop PE · ELF · shellcode blobs