Malware authors have a problem: they want their software to run aggressively when no one is looking at it, but to shut down entirely if the device it's running on is actually in some malware researcher's lab. So malware authors have a whole host of tricks they use to determine whether they're running on a device in the field, or inside a researcher's emulator where all of their secrets are laid bare.