Shirin

Reputation: 11

How to find equivalent APIs of static analysis report in dynamic report?

I have two reports, from static and dynamic malware analysis. There are some APIs from the MSVCRT DLL in my static report (such as _p_commode, _setusermatherr, ...) that aren't in the dynamic report. I don't know exactly whether they have equivalent APIs in the dynamic report or not. And why aren't they in the dynamic report?

Upvotes: 0

Views: 99

Answers (1)

Sourena

Reputation: 191

Dynamic reports are created when you run malware in a sandbox for a limited time and monitor its behavior. For example, you run a malware exe file in a sandbox or virtual system like VMware or VirtualBox for two minutes and monitor the API calls for that malware, BUT there is no guarantee that the malware executes all APIs in two minutes! Maybe some APIs are event-based: for example, when the victim visits the google.com page, the malware executes some code, or when the user visits a page with titles like 'bank', 'login' or ..., the malware calls a keyboard monitoring API to log the keyboard.

Upvotes: 1
