Tuts 4 You

unknown malware detection

Does anyone have a list of sequences or a number of repetitive malicious API functions for identifying unknown malware?

For example, a list of the API function sequences used in viruses, worms, etc.

If not, how can it be reached?

Not all APIs are malicious,

but looking for things like

CreateFile in the temp folder, then writing to it and closing the handle, and then doing a CreateProcess / ShellExecute on it could be something worth flagging, for example.

To be effective you need a little bit more than just a blacklist of API sequences.

Or do you mean the list of APIs (imports) in the executable? If this is what you mean, google for 'imphash'.
