
Table 4 The features extracted from Sandbox

From: DeepMal: maliciousness-Preserving adversarial instruction learning against static malware detection

Sandbox      Features
Cuckoo       API call during Execution
             Registry Keys
             IP address and DNS queries
             Access URLs
             Summary information
             File operations
VirusTotal   File System Action (Files Open, Files Written, Files Deleted, Files Copied)
             Process and Service Action (Process Created, Shell Commands, Process Injected)
             Synchronization Mechanisms and Signals (Mutexes Created, ShimCacheMutex)