Relations Between APIs in Malware
mansourweb
April 23rd, 2010, 14:05
Dear friends
Does anybody have an idea how we can find relationships between APIs that were called in a PE?
I mean, from the parameters of the APIs or something else, can we distinguish whether 2 or more APIs are dependent on each other or independent?
Thank you.
disavowed
April 23rd, 2010, 20:10
Follow the handles.
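The "follow the handles" advice, as an added example that is not part of the thread or of any of the posters' own tooling: a small Python script that takes an API-call trace (the constructed sample below is made up for illustration, not captured from a real sample; the `Api(args) -> return` line format is an assumption) and links calls together when the value one API returns is later passed as an argument to another. Calls whose return value is never consumed, and which consume no earlier handle, come out as independent.

```python
import re

# Constructed sample trace, one API call per line in the assumed format
#   Api(arg, arg, ...) -> return_value
# Values are invented for illustration; paths, key names and addresses are not real IoCs.
SAMPLE_TRACE = """\
CreateFileW("C:\\Users\\victim\\AppData\\update.exe", GENERIC_WRITE) -> 0x1A4
WriteFile(0x1A4, 4096) -> 1
CloseHandle(0x1A4) -> 1
GetTickCount() -> 0x2B7F3
RegOpenKeyExW(HKEY_CURRENT_USER, "Software\\Microsoft\\Windows\\CurrentVersion\\Run") -> 0x2C8
RegSetValueExW(0x2C8, "Updater", "C:\\Users\\victim\\AppData\\update.exe") -> 0
RegCloseKey(0x2C8) -> 0
socket(AF_INET, SOCK_STREAM) -> 0x3F0
connect(0x3F0, "203.0.113.5:443") -> 0
send(0x3F0, 128) -> 128
closesocket(0x3F0) -> 0
"""

CALL_RE = re.compile(r'^\s*(\w+)\((.*)\)\s*->\s*(\S+)\s*$')
HANDLE_RE = re.compile(r'^0x[0-9A-Fa-f]+$')
# APIs that release a handle; after one of these the same numeric value may be
# reused by the OS for an unrelated object, so the chain is closed here.
CLOSERS = {"CloseHandle", "RegCloseKey", "closesocket", "FindClose"}


def parse_trace(text):
    """Turn trace lines into dicts of api name, argument list and return value."""
    calls = []
    for line in text.splitlines():
        m = CALL_RE.match(line)
        if not m:
            continue  # skip anything that is not a call line
        name, argstr, ret = m.groups()
        # split on commas but keep quoted strings (which may contain commas) intact
        args = [a.strip() for a in re.findall(r'"[^"]*"|[^,]+', argstr)]
        calls.append({"api": name, "args": args, "ret": ret})
    return calls


def link_by_handle(calls):
    """Group calls into chains: the call that returned a handle-looking value,
    followed by every call that later received that value as an argument."""
    chains = []       # each: {"handle": value, "idx": [call indices]}
    open_chain = {}   # handle value -> position in chains, while the handle is live
    for i, c in enumerate(calls):
        for a in c["args"]:
            pos = open_chain.get(a)
            if pos is not None:
                chains[pos]["idx"].append(i)
                if c["api"] in CLOSERS:
                    del open_chain[a]  # handle released; stop linking this value
        if HANDLE_RE.match(c["ret"]):
            chains.append({"handle": c["ret"], "idx": [i]})
            open_chain[c["ret"]] = len(chains) - 1
    # a return value nobody consumed (e.g. GetTickCount) is not a handle relationship
    return [ch for ch in chains if len(ch["idx"]) > 1]


def chain_apis(chain, calls):
    """API names of one chain, in call order."""
    return [calls[i]["api"] for i in chain["idx"]]


def independent_calls(calls, chains):
    """API names of calls that take part in no handle chain."""
    linked = {i for ch in chains for i in ch["idx"]}
    return [c["api"] for i, c in enumerate(calls) if i not in linked]


if __name__ == "__main__":
    calls = parse_trace(SAMPLE_TRACE)
    chains = link_by_handle(calls)
    for ch in chains:
        print(ch["handle"], " -> ".join(chain_apis(ch, calls)))
    print("independent:", independent_calls(calls, chains))
```

Each chain is one object's lifetime (file, registry key, socket) and reads as a behaviour on its own: create file then write then close, open the Run key then set a value, open a socket then connect then send. The value-reuse caveat in `CLOSERS` matters on real traces, because a handle number freed by CloseHandle is routinely handed out again for an unrelated object.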
mansourweb
April 24th, 2010, 15:54
Thank you.
But I don't know what a HANDLE is, and I don't have the source code of the PE.
Would you please help me more?
disavowed
April 24th, 2010, 18:22
http://lmgtfy.com/?q=What+is+a+handle%3F
JMI
April 24th, 2010, 20:51
disavowed:
That "Let Me Google That For You" link is very cool!
Now if we could figure out how to automate filling in the
search term with what those who haven't tried to Google are actually looking for ....
Regards,
owl
April 26th, 2010, 09:41
The title of this thread makes me wonder about something else. I'm kind of wondering, if you were looking at malware on a live stream, can you tell it is malware, without going into in-depth analysis, based on which APIs are called? I will research this later but I figure it doesn't hurt to ask.
VirusBuster
April 26th, 2010, 09:50
Quote:
Originally Posted by owl: can you tell it is malware, without going into in-depth analysis, based on which APIs are called? I will research this later but I figure it doesn't hurt to ask.
Is it possible to tell if it's malware, without going into in-depth analysis, based on which APIs are called? Yes. Buster Sandbox Analyzer checks if new files are created and where, what registry keys are added or modified and what internet connections are made to tell if it's malware.
Buster Sandbox Analyzer also checks API calls, of course, but you can get a good idea of what it does without analyzing what APIs are called.
disavowed
April 26th, 2010, 21:26
Quote:
Originally Posted by owl: The title of this thread makes me wonder about something else. I'm kind of wondering, if you were looking at malware on a live stream, can you tell it is malware, without going into in-depth analysis, based on which APIs are called? I will research this later but I figure it doesn't hurt to ask.
Yes, many AV heuristics are based on exactly that.