0x534a/dynmx-signatures
dynmx Signatures

This repository contains sample dynmx signatures for detecting malware features in API call traces. The signatures are meant to be used with the dynmx tool, which can be found in this repository. Note that the signatures are written against the MSDN definitions of the Windows API calls and have been tested with VMRay function logs only. If a sandbox's API trace does not follow the MSDN naming of API functions and their arguments, the signatures will not match; in that case you will need to adapt them to the naming used by that sandbox.

For a detailed description of the features and syntax of the dynmx signature DSL, please refer to the corresponding master's thesis, Signature-Based Detection of Behavioural Malware Features with Windows API Calls.