This repository was archived by the owner on Mar 21, 2025. It is now read-only.

Implement and resolve #9, MalAPI Script for Malware Analysis #11

Open

An00bRektn wants to merge 4 commits into mttaggart:main from An00bRektn:main

Conversation


@An00bRektn An00bRektn commented Jan 3, 2022

Hi! Here are the changes:

  • Corrected a typo or two in the comments
  • Added pefile to imports to be able to inspect Import Address Table
  • Added class method save_imports() to write API calls to a CSV including a description, details from malapi.io, and whether or not that API call may be malicious
  • Integrated Squiblydoo's MalAPIReader pretty much as closely as I could

This includes known bugs from Squiblydoo's program:

The script does not yet account for the difference between the Unicode and ANSI versions of an API. That functionality will need to be implemented later. At this time, it will fail to find the API in the table if the API in the IAT does not match the MalAPI version exactly.

It's hard to really fix the second issue (effectively and cleanly, that is) mentioned as MalAPI doesn't actually have an API, so it's noted by an info message in the notebook output.

Thank you for your time. This project is neat!
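As an added illustration, not code from this PR or from Squiblydoo's MalAPIReader, here is a stdlib-only sketch of the ANSI/Unicode (A/W suffix) lookup that the description says is not yet handled. The import list and the MalAPI-style table entries are constructed for the example rather than read with pefile or fetched from malapi.io.

```python
import csv
import io

# Constructed stand-in for the MalAPI table save_imports() consults.
# Entries are illustrative; they are not data fetched from malapi.io.
MALAPI_TABLE = {
    "CreateRemoteThread": "Injection; starts a thread in another process",
    "VirtualAllocEx": "Injection; allocates memory in another process",
    "WriteProcessMemory": "Injection; writes to another process's memory",
    "CreateFileW": "Helper; generic file access",  # only the W form listed
}

# Constructed IAT entries, in place of pefile's DIRECTORY_ENTRY_IMPORT walk.
SAMPLE_IMPORTS = [
    ("kernel32.dll", "CreateFileA"),
    ("kernel32.dll", "VirtualAllocEx"),
    ("kernel32.dll", "WriteProcessMemory"),
    ("kernel32.dll", "CreateRemoteThread"),
    ("user32.dll", "MessageBoxW"),
]


def normalize_api_name(name):
    """Candidate table keys for an imported name: the exact name first, then
    the base name and its A/W variants when the name carries an ANSI/Unicode
    suffix (heuristic: trailing A or W preceded by a lowercase letter)."""
    candidates = [name]
    if len(name) > 1 and name[-1] in "AW" and name[-2].islower():
        base = name[:-1]
        candidates += [base, base + "A", base + "W"]
    return candidates


def lookup_import(name, table=MALAPI_TABLE):
    """Return (matched_key, description), or (None, None) if absent."""
    for candidate in normalize_api_name(name):
        if candidate in table:
            return candidate, table[candidate]
    return None, None


def imports_to_csv(imports, table=MALAPI_TABLE):
    """Render one CSV row per import: which table entry matched (if any)
    and whether the API appears in the table at all."""
    buf = io.StringIO()
    writer = csv.writer(buf)
    writer.writerow(["dll", "api", "malapi_entry", "description", "in_malapi"])
    for dll, api in imports:
        key, desc = lookup_import(api, table)
        writer.writerow([dll, api, key or "", desc or "", "yes" if key else "no"])
    return buf.getvalue()
```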
