I have two reports of static and dynamic malware analysis. There are some APIs of the MSVCRT DLL in my static report (such as __p__commode, __setusermatherr, ...) that aren't in the dynamic report. I don't know exactly whether they have equivalent APIs in the dynamic report or not. And why aren't they in the dynamic report?

Siong Thye Goh

Shirin
- Is that a question? – Wez Jul 26 '16 at 10:34
- Really, I want to know why, for example, the __p__commode API is in my static report but isn't in the dynamic report? – Shirin Jul 26 '16 at 14:07
- I didn't understand the question until I read Sourena's answer. +1 for both. – Ira Baxter Aug 23 '16 at 10:18
1 Answer
Dynamic reports are created when you run malware in a sandbox for a limited time and monitor its behavior. For example, you run a malware exe file in a sandbox or a virtual system like VMware or VirtualBox for two minutes and monitor the API calls for that malware, BUT there is no guarantee that the malware executes all APIs in two minutes! Maybe some APIs are event-based: for example, when the victim visits the google.com page, the malware executes some code, or when the user visits a page with titles like 'bank', 'login' or ..., the malware calls a keyboard monitoring API to log the keyboard.

Sourena
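
The gap between the two reports can be measured by diffing them per DLL. The following is an added example, not part of the original question or answer; the `dll!api` line format, the timestamp prefix, the function names `parse` and `coverage`, and all sample data are constructed assumptions, so adapt the parser to whatever your static and dynamic tools emit.

```python
from collections import defaultdict

# Constructed sample data (not taken from the reports in the question).
STATIC_IMPORTS = """\
msvcrt.dll!__p__commode
msvcrt.dll!__setusermatherr
msvcrt.dll!_initterm
kernel32.dll!CreateFileW
kernel32.dll!WriteFile
user32.dll!SetWindowsHookExA
wininet.dll!InternetOpenUrlA
"""

# Constructed sandbox trace: "<seconds> <dll>!<api>", one call per line.
DYNAMIC_TRACE = """\
0.012 KERNEL32.dll!CreateFileW
0.015 KERNEL32.dll!WriteFile
0.020 kernel32.dll!WriteFile
1.340 kernel32.dll!LoadLibraryA
1.341 kernel32.dll!GetProcAddress
"""

def parse(text, has_timestamp=False):
    """Return a set of (dll, api) pairs; DLL names are lower-cased."""
    pairs = set()
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if has_timestamp:
            line = line.split(None, 1)[1]  # drop the leading timestamp
        dll, api = line.split("!", 1)
        pairs.add((dll.lower(), api))
    return pairs

def coverage(static_text, dynamic_text):
    """Split static imports into seen / not seen during the sandbox run."""
    static = parse(static_text)
    dynamic = parse(dynamic_text, has_timestamp=True)
    report = defaultdict(lambda: {"seen": [], "not_seen": []})
    for dll, api in sorted(static):
        key = "seen" if (dll, api) in dynamic else "not_seen"
        report[dll][key].append(api)
    # Calls observed at run time that the import table never listed.
    runtime_only = sorted(dynamic - static)
    return dict(report), runtime_only

if __name__ == "__main__":
    per_dll, runtime_only = coverage(STATIC_IMPORTS, DYNAMIC_TRACE)
    for dll, r in per_dll.items():
        print(dll, "seen:", r["seen"], "not seen:", r["not_seen"])
    print("observed but not in import table:", runtime_only)
```

APIs in the `not_seen` lists are imported but were not recorded during the run; entries in `runtime_only` were recorded without appearing in the static import list.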