Table 4 The features extracted from Sandbox
From: DeepMal: maliciousness-Preserving adversarial instruction learning against static malware detection
Sandbox | Features |
|---|---|
Cuckoo | API call during Execution |
| Â | Registry Keys |
| Â | IP address and DNS queries |
| Â | Access URLs |
| Â | Summary information |
| Â | File operations |
VirusTotal | File System Action (Files Open, Files Written, Files deleted, Files Copied) |
| Â | Process and Service Action (Process Created, Shell Commands, Process Injected) |
| Â | Synchronization Mechanisms and Signals (Mutexes Created, ShimCacheMutex) |