Fun concept, but this is security by obscurity. Other heuristics:
- providing fake manifests to hardware drivers commonly associated with virtual machines - active process inspector handles - presence of any software signed by hexrays (the ini file is usually enough)
replies(1):