Table 3 Case analysis of DeepMal

From: DeepMal: maliciousness-Preserving adversarial instruction learning against static malware detection

Malware | Dynamic event
case1: Trojan horses ...
  FILE:GetAdaptersAddresses
  FILE:CreateToolhelp32Snapshot
  Load system.dll into the memory
  FILE:Writing file to temporary directory
  PROCESS:CopyFileW
  FILE:Deleting spawned process
  FILE:Execute:[system] taskkill.exe
  ...
case2: Backdoors ...
  FILE:Get the meterpreter session
  FILE:Automatically Configure the Registry
  Start Netcat
  Establish TCP connections
  ...
case3: Ransomware ...
  FILE:Writing file to temporary directory
  FILE:Write:[windows error reporting queue]
  FILE:Execute:[system] mssecsvc.exe
  REGISTRY: Win32API function CryptGenKey
  ...
  Call ReadFile reads the binary into memory
  FILE:SeDebugPrivilege...
  REGISTRY:HKEY_LOCAL_MACHINE
  ...