From: DeepMal: maliciousness-Preserving adversarial instruction learning against static malware detection
Malware | Dynamic event
---|---
case1: Trojan horses | ...
 | FILE:GetAdaptersAddresses
 | FILE:CreateToolhelp32Snapshot
 | Load system.dll into the memory
 | FILE:Writing file to temporary directory
 | PROCESS:CopyFileW
 | FILE:Deleting spawned process
 | FILE:Execute:[system]\taskkill.exe
 | ...
case2: Backdoors | ...
 | FILE:Get the meterpreter session
 | FILE:Automatically Configure the Registry
 | Start Netcat
 | Establish TCP connections
 | ...
case3: Ransomware | ...
 | FILE:Writing file to temporary directory
 | FILE:Write:[windows error reporting queue]
 | FILE:Execute:[system]\mssecsvc.exe
 | REGISTRY: Win32API function CryptGenKey
 | ...
 | Call ReadFile reads the binary into memory
 | FILE:SeDebugPrivilege...
 | REGISTRY:HKEY_LOCAL_MACHINE
 | ...