Tuts 4 You
alialiali

unknown malware detection

Recommended Posts

alialiali

hi

Does anyone have a list of sequences, or numbers, of repetitive malicious API functions for identifying unknown malware?

For example, a list of the API function sequences used in viruses, worms, etc.

If not, how can it be reached?

evlncrn8

Not all APIs are malicious.

But looking for things like:

CreateFile in the temp folder, then writing to it and closing the handle, and then doing a CreateProcess / ShellExecute on it could be something worth flagging, for example.

To be effective you need a little bit more than just a blacklist of API sequences.

Or do you mean the list of APIs (imports) in the executable? If this is what you mean, google for 'imphash'.

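The drop-and-execute sequence described in the reply above, turned into detection logic over a sample API-call trace. This is an added example, not code from the original thread; the trace format (`ApiName key=value ...`, handle returned after `->`) and the temp-folder markers are assumptions, and the trace itself is constructed.

```python
import re
# Constructed sample API-call trace (one call per line); not from the original post.
TRACE = """\
CreateFileW path=C:\\Users\\bob\\AppData\\Local\\Temp\\upd.exe access=GENERIC_WRITE -> handle=0x1a4
WriteFile handle=0x1a4 bytes=40960
CloseHandle handle=0x1a4
CreateProcessW path=C:\\Users\\bob\\AppData\\Local\\Temp\\upd.exe
CreateFileW path=C:\\Users\\bob\\Documents\\notes.txt access=GENERIC_WRITE -> handle=0x1b0
WriteFile handle=0x1b0 bytes=120
CloseHandle handle=0x1b0
ShellExecuteW path=C:\\Users\\bob\\Documents\\notes.txt
CreateProcessW path=C:\\Users\\bob\\AppData\\Local\\Temp\\installer.exe
"""

KV_RE = re.compile(r"(\w+)=(\S+)")
TEMP_MARKERS = ("\\temp\\", "\\tmp\\")  # assumed temp-folder markers, matched case-insensitively

def parse_call(line):
    """Split 'ApiName key=value ...' into (api, {key: value}); values contain no spaces."""
    api, _, rest = line.strip().partition(" ")
    return api, dict(KV_RE.findall(rest))

def find_drop_and_execute(trace):
    """Flag CreateProcess/ShellExecute on a temp file that this trace wrote and closed."""
    handle_to_path = {}  # open handle -> path it was created for
    written = set()      # temp paths that received at least one WriteFile
    dropped = set()      # temp paths written and then closed (a complete drop)
    alerts = []
    for lineno, line in enumerate(trace.splitlines(), 1):
        if not line.strip():
            continue
        api, args = parse_call(line)
        if api.startswith("CreateFile") and "handle" in args:
            handle_to_path[args["handle"]] = args.get("path", "")
        elif api == "WriteFile":
            path = handle_to_path.get(args.get("handle"), "")
            if any(m in path.lower() for m in TEMP_MARKERS):
                written.add(path.lower())
        elif api == "CloseHandle":
            path = handle_to_path.pop(args.get("handle"), "").lower()
            if path in written:
                dropped.add(path)
        elif api.startswith(("CreateProcess", "ShellExecute")):
            # Only the full sequence fires: executing a temp file nobody wrote here does not.
            if args.get("path", "").lower() in dropped:
                alerts.append((lineno, api, args["path"]))
    return alerts

for hit in find_drop_and_execute(TRACE):
    print("suspicious drop-and-execute at line %d: %s %s" % hit)
```

The write to Documents and the execution of a temp file the trace never wrote both stay quiet, which is the point of matching the sequence rather than the individual APIs.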
