
Thread: Relations Between APIs in Malware

  1. #1

    Relations Between APIs in Malware

    Dear friends

    Does anybody have an idea how we can find the relationship between APIs that were called in a PE?
    I mean that, from the parameters of the APIs or something else, we distinguish whether 2 or more APIs are dependent on each other or independent.

    Thank you.
    Last edited by mansourweb; April 23rd, 2010 at 16:00.

  2. #2
    disavowed (Join Date: Apr 2002, Posts: 1,281)
    Follow the handles.

  3. #3
    Thank you.

    But I don't know what a HANDLE is; I don't have the source code of the PE.
    Would you please help me more?

  4. #4
    disavowed
    http://lmgtfy.com/?q=What+is+a+handle%3F

  5. #5
    disavowed:

    That "Let Me Google That For You" link is very cool!

    Now if we could figure out how to automate filling in the search term with what those who haven't tried to Google are actually looking for ....

    Regards,
    JMI

  6. #6
    The title of this thread makes me wonder about something else. I am kind of wondering: if you were looking at malware on a live stream, could you tell that it is malware, without going into in-depth analysis, based on which APIs are called? I will research this later, but I figure it doesn't hurt to ask.

  7. #7
    Quote Originally Posted by owl View Post
    could you tell that it is malware, without going into in-depth analysis, based on which APIs are called? I will research this later, but I figure it doesn't hurt to ask.
    Is it possible to tell if it's malware, without going into in-depth analysis, based on which APIs are called? Yes. Buster Sandbox Analyzer checks whether new files are created and where, what registry keys are added or modified, and what internet connections are made to tell if it's malware.

    Buster Sandbox Analyzer also checks API calls, of course, but you can get a good idea of what it does without analyzing what APIs are called.

  8. #8
    disavowed
    Quote Originally Posted by owl View Post
    The title of this thread makes me wonder about something else. I am kind of wondering: if you were looking at malware on a live stream, could you tell that it is malware, without going into in-depth analysis, based on which APIs are called? I will research this later, but I figure it doesn't hurt to ask.
    Yes, many AV heuristics are based on exactly that.
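The two ideas in this thread, "follow the handles" (post #2) and heuristics built on which APIs are called (posts #7 and #8), fit together in one piece of code. Below is an added example, written for this page and not taken from any of the posters or from Buster Sandbox Analyzer: it takes an API-call trace of the kind a sandbox or an API hooking tool produces, links calls whose arguments reuse a value returned by an earlier call (handles and returned addresses), splits the trace into clusters of mutually dependent calls, and then fires a behaviour rule only when all of its APIs occur, in order, inside a single handle-linked cluster. The trace lines, the `api(args) = retval` line format, and the rule table are constructed assumptions for the example; real tool output will need its own parser.

```python
"""Added example (not from the thread): relate API calls in a PE's runtime
trace by following handle values, then apply a behaviour heuristic over the
handle-linked clusters.  The trace below is constructed, not captured."""

import re
from collections import defaultdict

# Constructed trace in an assumed "api(arg, ...) = retval" shape.
TRACE = r"""
OpenProcess(0x1F0FFF, 0, 1234) = 0xA4
VirtualAllocEx(0xA4, 0x0, 0x1000, 0x3000, 0x40) = 0x00400000
CreateFileA("C:\tmp\cfg.ini", 0x80000000, 1, 0, 3, 0x80, 0) = 0xB8
ReadFile(0xB8, 0x0012FF00, 0x100, 0x0012FEFC, 0) = 1
WriteProcessMemory(0xA4, 0x00400000, 0x0012FF00, 0x100, 0) = 1
CloseHandle(0xB8) = 1
CreateRemoteThread(0xA4, 0, 0, 0x00400000, 0, 0, 0) = 0xC0
CloseHandle(0xA4) = 1
"""

LINE = re.compile(r'^\s*(\w+)\((.*)\)\s*=\s*(\S+)\s*$')

# Assumed rule table: each rule is an ordered tuple of APIs that must all
# appear, in this order, inside ONE handle-linked cluster of calls.
RULES = {
    "remote thread injection": ("OpenProcess", "VirtualAllocEx",
                                "WriteProcessMemory", "CreateRemoteThread"),
    "file read": ("CreateFileA", "ReadFile"),
}

def value(tok):
    """Turn an argument/return token into an int when numeric (0x.. or
    decimal), otherwise keep it as a quote-stripped string."""
    tok = tok.strip()
    if tok.startswith('"') and tok.endswith('"'):
        return tok[1:-1]
    try:
        return int(tok, 0)
    except ValueError:
        return tok

def parse_trace(text):
    """Parse trace lines into dicts: idx, api, args (list), ret."""
    calls = []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        api, argstr, ret = m.groups()
        args = [value(a) for a in argstr.split(',')] if argstr.strip() else []
        calls.append({"idx": len(calls), "api": api, "args": args, "ret": value(ret)})
    return calls

def is_handle_like(v):
    """Return values worth following: an integer that is not a BOOL/NULL
    result and not INVALID_HANDLE_VALUE.  Addresses returned by
    VirtualAllocEx are followed too; they link calls just as handles do."""
    return isinstance(v, int) and v > 1 and v != 0xFFFFFFFF

def link_by_value(calls):
    """deps[i] = indices of earlier calls whose return value appears among
    call i's arguments.  This is the 'follow the handles' step."""
    producers = {}            # value -> index of the latest call returning it
    deps = defaultdict(set)
    for c in calls:
        for a in c["args"]:
            if isinstance(a, int) and a in producers:
                deps[c["idx"]].add(producers[a])
        if is_handle_like(c["ret"]):
            producers[c["ret"]] = c["idx"]
        # After CloseHandle the same numeric value may be reused for a new
        # object, so stop attributing it to the old producer.
        if c["api"] == "CloseHandle" and c["args"] and c["args"][0] in producers:
            del producers[c["args"][0]]
    return deps

def components(calls, deps):
    """Group calls into clusters connected by value flow (union-find).
    Calls in different clusters are independent as far as return values show."""
    parent = list(range(len(calls)))
    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x
    for i, js in deps.items():
        for j in js:
            parent[find(i)] = find(j)
    groups = defaultdict(list)
    for c in calls:
        groups[find(c["idx"])].append(c["idx"])
    return sorted(groups.values())

def match_rules(calls, rules=RULES):
    """Fire a rule only when its APIs occur in order within one cluster; the
    same APIs spread over unrelated handles do not count."""
    deps = link_by_value(calls)
    hits = []
    for group in components(calls, deps):
        for label, seq in rules.items():
            pos, matched = 0, []
            for i in group:
                if pos < len(seq) and calls[i]["api"] == seq[pos]:
                    matched.append(i)
                    pos += 1
            if pos == len(seq):
                hits.append((label, matched))
    return hits

if __name__ == "__main__":
    calls = parse_trace(TRACE)
    for label, idxs in match_rules(calls):
        print(label, "<-", " -> ".join(calls[i]["api"] for i in idxs))
```

On the constructed trace the OpenProcess / VirtualAllocEx / WriteProcessMemory / CreateRemoteThread calls end up in one cluster because they all carry the process handle 0xA4 or the returned remote address, while CreateFileA / ReadFile / CloseHandle form a separate, independent cluster. The limitation is the "or something else" in the original question: return-value flow does not see that the buffer filled by ReadFile is the one WriteProcessMemory later copies, because that link runs through an out-parameter pointer rather than a handle; catching it requires tracking pointer arguments and buffer contents, which is what a full sandbox does beyond the handle-following shown here.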
