WINDOWS API HOOKING LIBRARIES RESEARCH / WINDOWS API FUNKCIJŲ SEKŲ PERĖMIMO BIBLIOTEKŲ TYRIMAS

Towards Generic Deobfuscation of Windows API Calls

A common way to get insight into a malicious program’s functionality is to look at which API functions it calls. To complicate the reverse engineering of their programs, malware authors deploy API obfuscation techniques, hiding them from analysts’ eyes and anti-malware scanners. This problem can be partially addressed by using dynamic analysis; that is, by executing a malware sample in a contro...

Malware Characterization Using Windows API Call Sequences

Reining In Windows API Abuses with In-lined Reference Monitors

Malware attacks typically effect damage by abusing operating system resources (e.g., the file system) that are exposed via system API calls. A method of using automated binary code-rewriting to monitor API calls and their arguments is presented and evaluated. Unlike traditional monitoring approaches, the framework requires no modification of the operating system, has no effect upon trusted proc...

Malware Detection using Windows API Sequence and Machine Learning

Monitoring the behavior of program execution at run-time is widely used to differentiate benign and malicious processes executing in the host computer. Most of the existing run-time malware detection methods use the information available in Windows Application Programming Interface (API) calls. The proposed malware detection system uses the Windows API call sequence. A 3rd order Markov chain (i...

User-mode API for Tape Libraries

Tape libraries are becoming more commonplace in various installations whether they are used for automatic backups archive or on line storage This work represents a freely distributable user mode C library that implements various SCSI commands of the Exabyte EXB unit