Universiti Teknologi Malaysia Institutional Repository

In memory detection of Windows API call hooking technique

Mohd. Shaid, S. Z. and Maarof, M. A. (2015) In memory detection of Windows API call hooking technique. In: 2nd International Conference on Computer, Communications, and Control Technology, I4CT 2015, 21-23 Apr 2015, Kuching, Sarawak.


Abstract

API call hooking is a technique that malware researchers use to mine a malware sample's API calls. These API calls are used to represent the malware's behavior, for use in malware analysis, classification or detection of samples. In this paper, an analysis of current Windows API call hooking techniques is presented where, surprisingly, it was found that each technique can be detected trivially in memory. This could lead to malware being able to sense the presence of API call hooking techniques and modify their behavior at runtime. Suggestions for a better API call hooking technique are presented towards the end of the paper.

Item Type: Conference or Workshop Item (Paper)
Uncontrolled Keywords: API call, API hooking, malware
Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Divisions: Computing
ID Code: 59317
Deposited By: Haliza Zainal
Deposited On: 18 Jan 2017 01:50
Last Modified: 14 Oct 2021 03:30
