Worth a read:
My only question is why would the dropper care whether it's running in a virtual environment? A bit more digging reveals that the malware author is assuming that if his code ends up running in a VM, it's probably a sandbox and being studied, so the malicious code refuses to co-operate. Clever.
Here's the analysis of Cryptowall 2.0, from the same blog:
New Virtual Machines Series in Azure Dublin / North Europe - I was helping troubleshoot something for a customer today when I noticed that some of the newer VM series have finally arrived in Azure’s Dublin / North Eu...
3 hours ago