Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implement and resolve #9, MalAPI Script for Malware Analysis #11

Open
wants to merge 4 commits into
base: main
Choose a base branch
from
Open

Implement and resolve #9, MalAPI Script for Malware Analysis #11

wants to merge 4 commits into from

Conversation

An00bRektn
Copy link

@An00bRektn An00bRektn commented Jan 3, 2022
edited
Loading

Hi! Here are the changes:

  • Corrected a typo or two in the comments
  • Added pefile to imports to be able to inspect Import Address Table
  • Added class method save_imports() to write API calls to a csv including a description, details from malapi.io, and whether or not that API call may be malicious
  • Integrated Squiblydoo's MalAPIReader pretty much as closely as I could

This includes known bugs from Squiblydoo's program:

The script does not yet account for difference between Unicode and ANSI versions of API. That functionality will need to be implemented later. At this time, it will fail to find the API in the table if the API in the IAT does not match the MalAPI version exactly.

It's hard to really fix the second issue (effectively and cleanly, that is) mentioned as MalAPI doesn't actually have an API, so it's noted by an info message in the notebook output.

Thank you for your time. This project is neat!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@An00bRektn