Screen Resolution

Sandbox are not used to work as a normal user environment, so most of the time the screen resolution stay at the minimum 800x600 or lower. No one is actually working on a such small screen. Malware could potentially detect the screen resolution to determine if it’s a user machine or a sandbox.

Code Snippets

#include "wtypes.h"
#include <iostream>
using namespace std;

1024x768 can be used for automated Sandbox
800x600 can be used for automated Sandbox
640x480 can be used for automated Sandbox

void GetResolution(int& horiz, int& verti)
   RECT desktop;
   const HWND hDesktop = GetDesktopWindow();
   GetWindowRect(hDesktop, &desktop);
   horiz = desktop.right;
   verti = desktop.bottom;

int main()
   int horiz = 0;
   int verti = 0;
   GetResolution(horiz, verti);

   if(horiz < 1024)
      cout << "[!] Looks like you run in a sandbox!"<< '\n';

   cout << "[+] Screen resolution: "<< horiz << "x" << verti << '\n';
   return 0;

Additional Resources

Subscribe to our Newsletter and don't miss important updates