alialiali Posted June 30, 2018

Hi. Does anyone have a list of sequences, or numbers, of repetitive malicious API functions for identifying unknown malware? For example, a list of the API function sequences used in viruses, worms, etc. If not, how can it be reached?
evlncrn8 Posted July 1, 2018

Not all APIs are malicious, but looking for things like CreateFile in the temp folder, then writing to it and closing the handle, and then doing a CreateProcess / ShellExecute on it could be something worth flagging, for example. To be effective you need a little bit more than just a blacklist of API sequences. Or do you mean the list of APIs (imports) in the executable? If this is what you mean, google for 'imphash'.
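As an added illustration of the two things evlncrn8 mentions (not code from the thread or from any poster): the first function walks an API call trace and flags the drop-and-execute sequence described above (CreateFile on a path under the temp directory, WriteFile to that handle, CloseHandle, then CreateProcess / ShellExecute on the same path); the second computes a simplified imphash over an import list. The trace layout (dicts with "api" and "args"), the temp directory and the sample traces are assumptions constructed for this example, and the imphash here only mirrors the documented shape of the hash (lowercased "dll.function" pairs joined by commas, hashed with MD5); pefile additionally resolves ordinals for a few DLLs by name, which this version does not.

```python
"""Added example: drop-and-execute API sequence matcher and a simplified imphash.

Trace format, temp directory and sample traces are constructed for this
example; they are not output of any real sandbox.
"""
import hashlib
import ntpath

TEMP_DIR = r"C:\Users\victim\AppData\Local\Temp"  # assumption for the example
GENERIC_WRITE = 0x40000000                        # Win32 access flag
SPAWN_APIS = {"CreateProcessA", "CreateProcessW",
              "ShellExecuteA", "ShellExecuteW", "ShellExecuteExW"}


def _norm(path):
    """Normalise a Windows path for comparison (case-insensitive, no '..')."""
    return ntpath.normpath(path).lower()


def _in_temp(path):
    return _norm(path).startswith(_norm(TEMP_DIR) + "\\")


def find_drop_and_exec(trace):
    """Return the temp paths that were written, closed, then executed.

    The ordering follows the post literally: a file must be written to and
    its handle closed before a spawn call on it counts as a hit.
    """
    handles = {}    # open handle -> normalised temp path
    written = set()  # temp paths that received at least one WriteFile
    closed = set()   # written temp paths whose handle has been closed
    hits = []
    for call in trace:
        api, args = call["api"], call["args"]
        if api in ("CreateFileA", "CreateFileW"):
            path = args["path"]
            if _in_temp(path) and args.get("access", 0) & GENERIC_WRITE and args.get("ret"):
                handles[args["ret"]] = _norm(path)
        elif api == "WriteFile":
            p = handles.get(args["handle"])
            if p:
                written.add(p)
        elif api == "CloseHandle":
            p = handles.pop(args["handle"], None)
            if p in written:
                closed.add(p)
        elif api in SPAWN_APIS:
            target = args["target"].lower()  # image path or command line
            for p in sorted(closed):
                if p in target and p not in hits:
                    hits.append(p)
    return hits


def imphash(imports):
    """Simplified imphash: MD5 over 'dll.func' pairs in import-table order.

    imports: list of (dll name, [function name or integer ordinal]).
    Ordinals become 'ordN'; pefile resolves some of these to names.
    """
    parts = []
    for dll, funcs in imports:
        dll = dll.lower()
        if dll.endswith((".dll", ".ocx", ".sys")):
            dll = dll[:-4]
        for f in funcs:
            name = "ord%d" % f if isinstance(f, int) else f.lower()
            parts.append(dll + "." + name)
    return hashlib.md5(",".join(parts).encode()).hexdigest()


# Constructed sample: drop an exe in %TEMP%, close it, run it.
DROPPER_TRACE = [
    {"api": "CreateFileW", "args": {"path": r"C:\Users\victim\AppData\Local\Temp\svc.exe",
                                    "access": GENERIC_WRITE, "ret": 0x1C8}},
    {"api": "WriteFile", "args": {"handle": 0x1C8, "size": 40960}},
    {"api": "CloseHandle", "args": {"handle": 0x1C8}},
    {"api": "CreateFileW", "args": {"path": r"C:\Users\victim\Documents\notes.txt",
                                    "access": 0x80000000, "ret": 0x1CC}},  # benign read
    {"api": "CloseHandle", "args": {"handle": 0x1CC}},
    {"api": "CreateProcessW", "args": {"target": r"C:\Users\victim\AppData\Local\Temp\svc.exe"}},
]

# Constructed sample: writes a log in %TEMP% and launches notepad; no hit.
BENIGN_TRACE = [
    {"api": "CreateFileW", "args": {"path": r"C:\Users\victim\AppData\Local\Temp\app.log",
                                    "access": GENERIC_WRITE, "ret": 0x200}},
    {"api": "WriteFile", "args": {"handle": 0x200, "size": 120}},
    {"api": "CloseHandle", "args": {"handle": 0x200}},
    {"api": "CreateProcessW", "args": {"target": r"C:\Windows\System32\notepad.exe"}},
]

if __name__ == "__main__":
    print("dropper:", find_drop_and_exec(DROPPER_TRACE))
    print("benign :", find_drop_and_exec(BENIGN_TRACE))
    print("imphash:", imphash([("KERNEL32.dll", ["CreateFileW", "WriteFile"])]))
```

The matcher only states a sequence; as the post says, a blacklist of sequences alone is easy to evade (write via a different API, spawn through WMI, stage in a directory other than %TEMP%), so treat a hit as a score contribution rather than a verdict.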
oopsdonefu Posted July 7, 2018

Maybe this can help: https://github.com/NtRaiseHardError/UnRunPE/blob/master/UnRunPE/UnRunPE/static.cpp#L11