alialiali Posted June 30, 2018
Hi. Does anyone have a list of sequences or number of repetitive malicious API functions for identifying unknown malware? For example, a list of the API function sequences used in viruses, worms, etc. If not, how can it be reached?
evlncrn8 Posted July 1, 2018
Not all APIs are malicious, but looking for things like CreateFile in the temp folder, then writing to it and closing the handle, and then doing a CreateProcess / ShellExecute on it could be something worth flagging, for example. To be effective you need a little bit more than just a blacklist of API sequences. Or do you mean the list of APIs (imports) in the executable? If this is what you mean, google for 'imphash'.
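The drop-then-execute sequence evlncrn8 describes, written as a small matcher over a per-process API-call trace. This is an added example, not code from the thread; the trace format (one dict per call with `api`, `args` and, for CreateFile, the returned handle in `ret`) and the two sample traces are constructed assumptions standing in for sandbox output.

```python
import re
from typing import Dict, Iterable, List, Set

TEMP_PATH = re.compile(r"\\temp\\|\\tmp\\|%temp%", re.IGNORECASE)
EXEC_APIS = {"CreateProcessA", "CreateProcessW", "ShellExecuteA", "ShellExecuteW", "ShellExecuteExW"}

def normalize(path: str) -> str:
    return path.strip('"').lower()

def find_drop_and_execute(trace: Iterable[dict]) -> List[str]:
    """Return temp-folder paths that were created, written, closed and then
    executed, in that order; an out-of-order or partial sequence is not a hit."""
    open_handles: Dict[str, str] = {}  # handle -> temp path from a successful CreateFile
    written: Set[str] = set()          # handles that received at least one WriteFile
    dropped: Set[str] = set()          # paths written and then closed (the "drop")
    hits: List[str] = []
    for call in trace:
        api, args = call["api"], call.get("args", {})
        if api in ("CreateFileA", "CreateFileW"):
            path = normalize(args.get("lpFileName", ""))
            if TEMP_PATH.search(path) and call.get("ret") not in (None, "INVALID_HANDLE_VALUE"):
                open_handles[call["ret"]] = path
        elif api == "WriteFile" and args.get("hFile") in open_handles:
            written.add(args["hFile"])
        elif api == "CloseHandle" and args.get("hObject") in open_handles:
            handle = args["hObject"]
            path = open_handles.pop(handle)  # handle values get reused, so forget it now
            if handle in written:
                written.discard(handle)
                dropped.add(path)
        elif api in EXEC_APIS:
            # CreateProcess names the image in lpApplicationName/lpCommandLine, ShellExecute in lpFile
            target = normalize(args.get("lpApplicationName") or args.get("lpFile")
                               or args.get("lpCommandLine") or "")
            hits.extend(p for p in sorted(dropped) if p in target)
    return hits

# Constructed sample traces (hypothetical format, not real sandbox output).
SUSPICIOUS_TRACE = [
    {"api": "CreateFileW", "args": {"lpFileName": r"C:\Users\u\AppData\Local\Temp\svc.exe"}, "ret": "0x1a4"},
    {"api": "WriteFile", "args": {"hFile": "0x1a4"}},
    {"api": "CloseHandle", "args": {"hObject": "0x1a4"}},
    {"api": "CreateProcessW", "args": {"lpApplicationName": r"C:\Users\u\AppData\Local\Temp\svc.exe"}},
]
BENIGN_TRACE = [  # same drop into temp, but the process started is not the dropped file
    {"api": "CreateFileW", "args": {"lpFileName": r"C:\Users\u\AppData\Local\Temp\cache.dat"}, "ret": "0x1a8"},
    {"api": "WriteFile", "args": {"hFile": "0x1a8"}},
    {"api": "CloseHandle", "args": {"hObject": "0x1a8"}},
    {"api": "CreateProcessW", "args": {"lpApplicationName": r"C:\Windows\notepad.exe"}},
]
```

On a real trace the hit list is a trigger for closer inspection of the dropped file, not a verdict on its own, since installers and updaters produce the same sequence.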
oopsdonefu Posted July 7, 2018
Maybe this can help: https://github.com/NtRaiseHardError/UnRunPE/blob/master/UnRunPE/UnRunPE/static.cpp#L11