Please wait ...

MalFe Logo

Malware Feature Engineering

A one-stop hub for all security machine learning researchers.

About MalFe

The goal of this platform is to bring forth a new stronger data platform that can be used to generate custom datasets that can aid security researchers in building better machine learning models to combact malware. This platform relies on cuckoo reports of analysed malware samples and then gives security researchers the ability to use these reports to build their own datasets, add reports, add public datasets and even use it for private use.

Number of Public Datasets
Number of Public Reports
Number of Private Datasets
Number of Private Reports

How MalFe Works?

To use MalFe is relatively easy, but requires you to have a knowledge of machine learning and security. The functionality and workflow is presented in the video below:

Popular Datasets

API CALL FREQUENCY
Frequency of API call types in samples
Ransomware(2512), Development(20), Education(9), Games(52), Graphics(55), Internet(83), Music / Video(47), Office(54), Security(30), Utilities(222)

Sample Name category label SetErrorMode OleInitialize LdrGetDllHandle LdrLoadDll LdrGetProcedureAddress NtOpenSection NtMapViewOfSection RegOpenKeyExW RegQueryValueExW RegCloseKey NtClose NtOpenKey NtQueryValueKey GetSystemWindowsDirectoryW NtCreateFile NtCreateSection RegOpenKeyExA CreateActCtxW GetSystemDirectoryW GetVolumeNameForVolumeMountPointW NtDuplicateObject LoadStringW NtCreateMutant GetNativeSystemInfo RegEnumKeyW NtQuerySystemInformation RegQueryValueExA NtQueryDirectoryFile GlobalMemoryStatusEx CoCreateInstance NtAllocateVirtualMemory CreateDirectoryW DeleteFileW GetFileSizeEx NtReadFile GetFileInformationByHandleEx GetSystemTimeAsFileTime GetVolumePathNamesForVolumeNameW LdrUnloadDll CoInitializeEx NtOpenProcess CoUninitialize NtFreeVirtualMemory NtOpenFile NtQueryInformationFile GetFileAttributesW FindFirstFileExW NtQueryAttributesFile NtUnmapViewOfSection SetFilePointerEx SetFilePointer GetTempPathW GetFileSize NtWriteFile FindResourceExW LoadResource SHGetFolderPathW NtProtectVirtualMemory GetFileType ReadProcessMemory GetForegroundWindow GetSystemMetrics SetFileTime NtSetInformationFile SearchPathW NtOpenMutant RegEnumKeyExW DrawTextExW GetAsyncKeyState GetDiskFreeSpaceExW GetKeyState FindWindowW FindWindowExA CreateThread MoveFileWithProgressW SetFileAttributesW RemoveDirectoryW NtTerminateProcess CreateToolhelp32Snapshot Process32FirstW Process32NextW FindWindowExW SetEndOfFile GetCursorPos SetUnhandledExceptionFilter OutputDebugStringA GetSystemInfo FindResourceW SizeofResource NtDelayExecution GetKeyboardState WSAStartup socket setsockopt NtDeviceIoControlFile closesocket GetBestInterfaceEx GetAdaptersAddresses NtQueryKey RegCreateKeyExW GetAddrInfoW GetUserNameExW RegSetValueExW RegDeleteValueW InternetQueryOptionA URLDownloadToFileW IsDebuggerPresent CreateProcessInternalW GetTimeZoneInformation LookupAccountSidW SendNotifyMessageW UuidCreate GetFileVersionInfoSizeW GetFileVersionInfoW NtEnumerateValueKey EnumWindows OpenSCManagerW GetComputerNameW GetUserNameW NetShareEnum GetFileInformationByHandle DeviceIoControl ShellExecuteExW RegQueryInfoKeyW RegEnumValueW RegDeleteKeyW NtReadVirtualMemory NtOpenKeyEx NtSetValueKey NtCreateKey GetVolumePathNameW GetFileAttributesExW GetUserNameExA RegCreateKeyExA CryptAcquireContextW NtEnumerateKey NtDeleteKey OpenServiceW NtOpenDirectoryObject CreateJobObjectW SetInformationJobObject RegEnumKeyExA __exception__ GetShortPathNameW LoadStringA FindResourceA DrawTextExA RegQueryInfoKeyA RegSetValueExA SHGetSpecialFolderLocation NtCreateThreadEx NtResumeThread gethostbyname GetSystemDirectoryA FindResourceExA GetDiskFreeSpaceW CertOpenStore CryptDecodeObjectEx CertControlStore CryptHashData NtOpenThread MessageBoxTimeoutW LookupPrivilegeValueW CryptAcquireContextA SetFileInformationByHandle RemoveDirectoryA SetWindowsHookExW CopyFileW GetFileVersionInfoSizeExW GetFileVersionInfoExW CoInitializeSecurity WSASocketW WSAConnect UnhookWindowsHookEx CertOpenSystemStoreW getaddrinfo InternetCrackUrlW CoCreateInstanceEx CoGetClassObject IWbemServices_ExecQuery SetStdHandle GlobalMemoryStatus NetGetJoinInformation CryptCreateHash GetComputerNameA InternetOpenA InternetOpenUrlA InternetCloseHandle ReadCabinetState InternetOpenW InternetConnectW HttpOpenRequestW HttpSendRequestW NtDeleteValueKey HttpQueryInfoA RegEnumValueA CryptProtectMemory CreateServiceW WriteConsoleA CopyFileA WriteProcessMemory SendNotifyMessageA RegDeleteKeyA WriteConsoleW JsGlobalObjectDefaultEvalHelper ObtainUserAgentString StartServiceW NtQueueApcThread RtlAddVectoredContinueHandler CryptExportKey CryptGenKey CryptEncrypt NetUserGetInfo GetUserNameA InternetOpenUrlW system GetAdaptersInfo Module32FirstW NtGetContextThread Module32NextW RtlAddVectoredExceptionHandler NtSuspendThread OpenSCManagerA OpenServiceA NtQueryMultipleValueKey MessageBoxTimeoutA ControlService NtTerminateThread EncryptMessage DecryptMessage DeleteService FindWindowA RtlRemoveVectoredExceptionHandler ioctlsocket connect select SetWindowsHookExA CreateServiceA bind listen getsockname accept InternetCrackUrlA InternetConnectA HttpOpenRequestA HttpSendRequestA sendto shutdown RtlDecompressBuffer NtSetContextThread Thread32First Thread32Next CreateRemoteThread InternetReadFile CreateRemoteThreadEx timeGetTime DnsQuery_A InternetGetConnectedState RegisterHotKey CryptDecrypt CopyFileExW NtDeleteFile send DeleteUrlCacheEntryA EnumServicesStatusW recv NtWriteVirtualMemory InternetSetOptionA NtLoadDriver __anomaly__ EnumServicesStatusA RegDeleteValueA CertCreateCertificateContext InternetSetStatusCallback IWbemServices_ExecMethod AssignProcessToJobObject StartServiceA CryptProtectData CryptUnprotectData CryptUnprotectMemory SHA256
0 4e0d1edb76747fd945b87dd18299298f0df719edbea946119d91db59a9b6527a.exe Ransomware 1 245 6 141 253 1426 49 64 1547 1308 7834 18734 413 172 58 7398 41 6553 6 25 21 46 243 24 9 8 7 6417 920 1 53 3346 9 12 6 11208 3 192 48 74 34 15 40 3771 65 15 149 17478 14 50 0 51483 1 14 40704 32 31 8 6 406 0 4 670 3317 6 0 1 128 86 0 0 0 0 0 6 3507 7016 0 75 0 0 0 134 3314 0 21 0 10 2 1 6552 0 8 6 6 48 6 4 2 12 235 2 8 271 69 0 0 2 28 1 6 0 2 9 9 0 6 2 15 0 1 0 0 5 72 128 0 0 0 0 0 5 16 0 4 1 0 0 2 7 0 0 90 1 0 93 0 0 0 4 6 1 4 0 4 0 0 0 0 0 0 8 0 6 2 0 0 0 1 0 0 8 0 0 0 0 0 4 8 10 4 0 2 0 0 2 3 2 7 0 0 0 0 0 0 0 0 4 0 2 0 3 0 0 108 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 1 0 0 0 0 0 0 1 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 36 4e0d1edb76747fd945b87dd18299298f0df719edbea946119d91db59a9b6527a
1 GandCrab.exe Ransomware 1 2 0 11 2 24 0 0 0 0 0 3 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 6 0 0 0 0 0 1 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 3 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 22299 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 bfb9db791b8250ffa8ebc48295c5dbbca757a5ed3bbb01de12a871b5cd9afd5a
... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ...
3081 Zeppelin_7d809e8c9b98c16647bbfac49854c28ecc3fe6d4345410deeaa79445cc50cf51.exe Ransomware 1 0 0 14 20 252 0 0 33 17 28 44 8 2 0 1 0 25 0 1 0 3 0 0 1 0 0 0 0 0 5 21 0 1 0 0 0 3 0 0 3 0 3 2 0 0 0 22 4 0 0 0 0 0 1 0 0 0 12 0 0 0 5 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 23 0 4 3 3 22 3 2 1 4 4 1 0 7 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 31 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 7d809e8c9b98c16647bbfac49854c28ecc3fe6d4345410deeaa79445cc50cf51
3082 Zeppelin_eb920e0fc0c360abb901e04dce172459b63bbda3ab8152350885db4b44d63ce5.exe Ransomware 1 71 0 68 60 324 0 13 155 230 6836 20656 143 79 10 8282 11 6413 0 5 3 16 6 2 3 0 0 6325 1209 0 30 7682 0 3 0 12412 0 32 8 27 12 6 12 10603 52 2 20 19088 12 12 0 58288 0 0 47094 0 0 0 0 82 0 0 9 3836 3 0 0 2 0 0 0 0 0 0 2 3836 8070 0 39 0 0 0 0 3836 0 10 0 0 0 0 6407 0 14 12 12 67 12 4 2 8 337 2 4 347 5 0 0 2 14 0 4 0 0 0 0 0 0 1 13 0 0 0 0 1 2 0 0 0 0 0 0 1 0 0 4 0 0 0 1 2 0 0 7 1 0 93 0 0 0 4 2 0 2 0 0 0 0 0 0 0 0 6 0 6 0 0 0 0 1 0 0 4 0 0 0 0 0 4 6 6 2 0 0 0 0 2 3 2 7 0 0 0 0 0 0 0 0 0 0 2 0 6 0 4 53 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 1 0 0 0 0 0 0 2 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 eb920e0fc0c360abb901e04dce172459b63bbda3ab8152350885db4b44d63ce5

3083 rows × 284 columns

Created by: VHUHWAVHO
Downloaded 8 times
June 19, 2024, 7:11 p.m.
Ransomware_Detection_Using_PE_Imports
A dataset of the function names of PE imports and the DLL the functions are called from.


function_name dll category label SHA256
0 SysFreeString oleaut32.dll Ransomware M 4e0d1edb76747fd945b87dd18299298f0df719edbea946119d91db59a9b6527a
1 SysReAllocStringLen oleaut32.dll Ransomware M 4e0d1edb76747fd945b87dd18299298f0df719edbea946119d91db59a9b6527a
... ... ... ... ... ...
140259 VariantClear oleaut32.dll Ransomware M eb920e0fc0c360abb901e04dce172459b63bbda3ab8152350885db4b44d63ce5
140260 VariantInit oleaut32.dll Ransomware M eb920e0fc0c360abb901e04dce172459b63bbda3ab8152350885db4b44d63ce5

140261 rows × 5 columns

Created by: Tanatswa Dendere
Downloaded 6 times
April 26, 2023, 9:22 a.m.
Ransomware_Detection_Using_Features_of_PE_Imports_2
A dataset of Portable Executable files and the features extracted from their imports (PE Imports). The following are the features extracted: 1. The number of functions utilized per DLL imported as a ratio, 2. The number of 'bogus' functions, that is functions that are made-up and typically have additional (non-alphabetic) characters in the name, 3. The number of functions utilized by that PE file that are blacklisted as functions typically imported by ransomware files, 4. The number of functions utilized by that PE file that are typically imported and used exclusively by good-ware files 'whitelisted' functions, 5. The difference of the number of register keys opened/ created and those deleted by the end of the application, and 6. The number of native functions utilized by the PE file.


label ave_functions_utilised_from_dlls_imported bogus_functions num_blacklisted_functions num_whitelisted_functions persistent_reg_key num_native_functions SHA256
0 M 1.115312 37 2 1 -1 0 4e0d1edb76747fd945b87dd18299298f0df719edbea946119d91db59a9b6527a
1 M 24.500000 0 1 0 0 0 bfb9db791b8250ffa8ebc48295c5dbbca757a5ed3bbb01de12a871b5cd9afd5a
... ... ... ... ... ... ... ... ...
1829 M 2.950617 2 3 0 0 0 7d809e8c9b98c16647bbfac49854c28ecc3fe6d4345410deeaa79445cc50cf51
1830 M 0.813333 0 0 1 0 0 eb920e0fc0c360abb901e04dce172459b63bbda3ab8152350885db4b44d63ce5

1831 rows × 8 columns

Created by: Tanatswa Dendere
Downloaded 6 times
Sept. 27, 2023, 10:28 p.m.
API Temporal Interval
Gets running total of the time interval for each API call types for each sample
Ransomware(2512), Development(20), Education(9), Games(52), Graphics(55), Internet(83), Music / Video(47), Office(54), Security(30), Utilities(222)

Sample Name category label SetErrorModeTemporalInterval OleInitializeTemporalInterval LdrGetDllHandleTemporalInterval LdrLoadDllTemporalInterval LdrGetProcedureAddressTemporalInterval NtOpenSectionTemporalInterval NtMapViewOfSectionTemporalInterval RegOpenKeyExWTemporalInterval RegQueryValueExWTemporalInterval RegCloseKeyTemporalInterval NtCloseTemporalInterval NtOpenKeyTemporalInterval NtQueryValueKeyTemporalInterval GetSystemWindowsDirectoryWTemporalInterval NtCreateFileTemporalInterval NtCreateSectionTemporalInterval RegOpenKeyExATemporalInterval CreateActCtxWTemporalInterval GetSystemDirectoryWTemporalInterval GetVolumeNameForVolumeMountPointWTemporalInterval NtDuplicateObjectTemporalInterval LoadStringWTemporalInterval NtCreateMutantTemporalInterval GetNativeSystemInfoTemporalInterval RegEnumKeyWTemporalInterval NtQuerySystemInformationTemporalInterval RegQueryValueExATemporalInterval NtQueryDirectoryFileTemporalInterval GlobalMemoryStatusExTemporalInterval CoCreateInstanceTemporalInterval NtAllocateVirtualMemoryTemporalInterval CreateDirectoryWTemporalInterval DeleteFileWTemporalInterval GetFileSizeExTemporalInterval NtReadFileTemporalInterval GetFileInformationByHandleExTemporalInterval GetSystemTimeAsFileTimeTemporalInterval GetVolumePathNamesForVolumeNameWTemporalInterval LdrUnloadDllTemporalInterval CoInitializeExTemporalInterval NtOpenProcessTemporalInterval CoUninitializeTemporalInterval NtFreeVirtualMemoryTemporalInterval NtOpenFileTemporalInterval NtQueryInformationFileTemporalInterval GetFileAttributesWTemporalInterval FindFirstFileExWTemporalInterval NtQueryAttributesFileTemporalInterval NtUnmapViewOfSectionTemporalInterval SetFilePointerExTemporalInterval SetFilePointerTemporalInterval GetTempPathWTemporalInterval GetFileSizeTemporalInterval NtWriteFileTemporalInterval FindResourceExWTemporalInterval LoadResourceTemporalInterval SHGetFolderPathWTemporalInterval NtProtectVirtualMemoryTemporalInterval GetFileTypeTemporalInterval ReadProcessMemoryTemporalInterval GetForegroundWindowTemporalInterval GetSystemMetricsTemporalInterval SetFileTimeTemporalInterval NtSetInformationFileTemporalInterval SearchPathWTemporalInterval NtOpenMutantTemporalInterval RegEnumKeyExWTemporalInterval DrawTextExWTemporalInterval GetAsyncKeyStateTemporalInterval GetDiskFreeSpaceExWTemporalInterval GetKeyStateTemporalInterval FindWindowWTemporalInterval FindWindowExATemporalInterval CreateThreadTemporalInterval MoveFileWithProgressWTemporalInterval SetFileAttributesWTemporalInterval RemoveDirectoryWTemporalInterval NtTerminateProcessTemporalInterval CreateToolhelp32SnapshotTemporalInterval Process32FirstWTemporalInterval Process32NextWTemporalInterval FindWindowExWTemporalInterval SetEndOfFileTemporalInterval GetCursorPosTemporalInterval SetUnhandledExceptionFilterTemporalInterval OutputDebugStringATemporalInterval GetSystemInfoTemporalInterval FindResourceWTemporalInterval SizeofResourceTemporalInterval NtDelayExecutionTemporalInterval GetKeyboardStateTemporalInterval WSAStartupTemporalInterval socketTemporalInterval setsockoptTemporalInterval NtDeviceIoControlFileTemporalInterval closesocketTemporalInterval GetBestInterfaceExTemporalInterval GetAdaptersAddressesTemporalInterval NtQueryKeyTemporalInterval RegCreateKeyExWTemporalInterval GetAddrInfoWTemporalInterval GetUserNameExWTemporalInterval RegSetValueExWTemporalInterval RegDeleteValueWTemporalInterval InternetQueryOptionATemporalInterval URLDownloadToFileWTemporalInterval IsDebuggerPresentTemporalInterval CreateProcessInternalWTemporalInterval GetTimeZoneInformationTemporalInterval LookupAccountSidWTemporalInterval SendNotifyMessageWTemporalInterval UuidCreateTemporalInterval GetFileVersionInfoSizeWTemporalInterval GetFileVersionInfoWTemporalInterval NtEnumerateValueKeyTemporalInterval EnumWindowsTemporalInterval OpenSCManagerWTemporalInterval GetComputerNameWTemporalInterval GetUserNameWTemporalInterval NetShareEnumTemporalInterval GetFileInformationByHandleTemporalInterval DeviceIoControlTemporalInterval ShellExecuteExWTemporalInterval RegQueryInfoKeyWTemporalInterval RegEnumValueWTemporalInterval RegDeleteKeyWTemporalInterval NtReadVirtualMemoryTemporalInterval NtOpenKeyExTemporalInterval NtSetValueKeyTemporalInterval NtCreateKeyTemporalInterval GetVolumePathNameWTemporalInterval GetFileAttributesExWTemporalInterval GetUserNameExATemporalInterval RegCreateKeyExATemporalInterval CryptAcquireContextWTemporalInterval NtEnumerateKeyTemporalInterval NtDeleteKeyTemporalInterval OpenServiceWTemporalInterval NtOpenDirectoryObjectTemporalInterval CreateJobObjectWTemporalInterval SetInformationJobObjectTemporalInterval RegEnumKeyExATemporalInterval __exception__TemporalInterval GetShortPathNameWTemporalInterval LoadStringATemporalInterval FindResourceATemporalInterval DrawTextExATemporalInterval RegQueryInfoKeyATemporalInterval RegSetValueExATemporalInterval SHGetSpecialFolderLocationTemporalInterval NtCreateThreadExTemporalInterval NtResumeThreadTemporalInterval gethostbynameTemporalInterval GetSystemDirectoryATemporalInterval FindResourceExATemporalInterval GetDiskFreeSpaceWTemporalInterval CertOpenStoreTemporalInterval CryptDecodeObjectExTemporalInterval CertControlStoreTemporalInterval CryptHashDataTemporalInterval NtOpenThreadTemporalInterval MessageBoxTimeoutWTemporalInterval LookupPrivilegeValueWTemporalInterval CryptAcquireContextATemporalInterval SetFileInformationByHandleTemporalInterval RemoveDirectoryATemporalInterval SetWindowsHookExWTemporalInterval CopyFileWTemporalInterval GetFileVersionInfoSizeExWTemporalInterval GetFileVersionInfoExWTemporalInterval CoInitializeSecurityTemporalInterval WSASocketWTemporalInterval WSAConnectTemporalInterval UnhookWindowsHookExTemporalInterval CertOpenSystemStoreWTemporalInterval getaddrinfoTemporalInterval InternetCrackUrlWTemporalInterval CoCreateInstanceExTemporalInterval CoGetClassObjectTemporalInterval IWbemServices_ExecQueryTemporalInterval SetStdHandleTemporalInterval GlobalMemoryStatusTemporalInterval NetGetJoinInformationTemporalInterval CryptCreateHashTemporalInterval GetComputerNameATemporalInterval InternetOpenATemporalInterval InternetOpenUrlATemporalInterval InternetCloseHandleTemporalInterval ReadCabinetStateTemporalInterval InternetOpenWTemporalInterval InternetConnectWTemporalInterval HttpOpenRequestWTemporalInterval HttpSendRequestWTemporalInterval NtDeleteValueKeyTemporalInterval HttpQueryInfoATemporalInterval RegEnumValueATemporalInterval CryptProtectMemoryTemporalInterval CreateServiceWTemporalInterval WriteConsoleATemporalInterval CopyFileATemporalInterval WriteProcessMemoryTemporalInterval SendNotifyMessageATemporalInterval RegDeleteKeyATemporalInterval WriteConsoleWTemporalInterval JsGlobalObjectDefaultEvalHelperTemporalInterval ObtainUserAgentStringTemporalInterval StartServiceWTemporalInterval NtQueueApcThreadTemporalInterval RtlAddVectoredContinueHandlerTemporalInterval CryptExportKeyTemporalInterval CryptGenKeyTemporalInterval CryptEncryptTemporalInterval NetUserGetInfoTemporalInterval GetUserNameATemporalInterval InternetOpenUrlWTemporalInterval systemTemporalInterval GetAdaptersInfoTemporalInterval Module32FirstWTemporalInterval NtGetContextThreadTemporalInterval Module32NextWTemporalInterval RtlAddVectoredExceptionHandlerTemporalInterval NtSuspendThreadTemporalInterval OpenSCManagerATemporalInterval OpenServiceATemporalInterval NtQueryMultipleValueKeyTemporalInterval MessageBoxTimeoutATemporalInterval ControlServiceTemporalInterval NtTerminateThreadTemporalInterval EncryptMessageTemporalInterval DecryptMessageTemporalInterval DeleteServiceTemporalInterval FindWindowATemporalInterval RtlRemoveVectoredExceptionHandlerTemporalInterval ioctlsocketTemporalInterval connectTemporalInterval selectTemporalInterval SetWindowsHookExATemporalInterval CreateServiceATemporalInterval bindTemporalInterval listenTemporalInterval getsocknameTemporalInterval acceptTemporalInterval InternetCrackUrlATemporalInterval InternetConnectATemporalInterval HttpOpenRequestATemporalInterval HttpSendRequestATemporalInterval sendtoTemporalInterval shutdownTemporalInterval RtlDecompressBufferTemporalInterval NtSetContextThreadTemporalInterval Thread32FirstTemporalInterval Thread32NextTemporalInterval CreateRemoteThreadTemporalInterval InternetReadFileTemporalInterval CreateRemoteThreadExTemporalInterval timeGetTimeTemporalInterval DnsQuery_ATemporalInterval InternetGetConnectedStateTemporalInterval RegisterHotKeyTemporalInterval CryptDecryptTemporalInterval CopyFileExWTemporalInterval NtDeleteFileTemporalInterval sendTemporalInterval DeleteUrlCacheEntryATemporalInterval EnumServicesStatusWTemporalInterval recvTemporalInterval NtWriteVirtualMemoryTemporalInterval InternetSetOptionATemporalInterval NtLoadDriverTemporalInterval __anomaly__TemporalInterval EnumServicesStatusATemporalInterval RegDeleteValueATemporalInterval CertCreateCertificateContextTemporalInterval InternetSetStatusCallbackTemporalInterval IWbemServices_ExecMethodTemporalInterval AssignProcessToJobObjectTemporalInterval StartServiceATemporalInterval CryptProtectDataTemporalInterval CryptUnprotectDataTemporalInterval CryptUnprotectMemoryTemporalInterval SHA256
0 EternalRocks Ransomware 1 64.07900 0.000000 91.125000 64.328000 91.281000 51.469000 62.34400 64.390000 64.406000 64.406000 91.281000 61.093000 61.093000 0.203000 62.328000 62.3280 0.078000 7.656000 1.610000 0.00000 90.625000 0.016000 61.42200 0.000000 0.000000 61.079 0.000000 60.328000 60.281 0.000000 64.172000 51.094000 0.000000 0.000000 60.203000 0.000000 61.453000 0.00000 6.297000 4.594000 60.859000 0.000000 63.265000 60.297000 0.00000 61.125000 0.000000 0.063000 1.610000 0.0 51.329000 0.0 60.407000 51.671000 0.000 0.00 0.797000 63.110000 52.53200 0.0 0.000000 0.000000 0.000000 0.00 0.0 59.844 60.062000 0.000 0.0 0.0 0.0 0.0 0.0 5.579000 0.00000 0.0000 0.0 0.000000 0.0 0.0 0.0 0.000000 0.0000 0.0 0.000000 0.0 60.625000 0.0 0.0 118.000000 0.0 0.000000 0.000000 0.063000 0.000000 0.063000 0.000000 0.000000 61.265000 0.000000 0.000000 0.000000 0.000000 0.000000 0.0 0.0 0.000000 0.00000 2.141 0.00000 0.0 0.000000 0.000000 0.000000 0.0 0.000 0.00 0.000000 0.0 0.0 0.0 0.0 0.00000 0.687000 0.375000 0.0 0.0 61.265 0.0 0.0 0.00000 58.985000 0.0 0.000000 0.0 0.0 0.0 0.00 0.000000 0 0 0.000000 0.0 0.0 0.000000 0.0 0.0 0.0 0.000000 0.000000 0.0 60.641000 0.0 0.000000 0.0 0.0 0.0 0.0 0.0 0.0 0.000000 0.0 0.000000 0.000000 0.0 0.0 0.0 0.0 0.0 0.0 0.000000 0.406 0.0 0.0 0 0.0 0.000000 0.00000 0.000000 0.00000 0.0 0.000000 0.0 0.0 0.00000 0.000000 0.000000 0.000000 0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.000 0.0 0.000000 0.0 0.000000 0.0 0.0 0.000000 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.000000 0.000000 0.0 0.0 0.0 0 0.0 0.0 0.0 0.0 0.0 0 0.0 0.0 0.0 0.0 0 0.0 0.0 0.0 0.0 0 0.0 0.0 0.0 0.0 0.0 0.000 3b4497c7f8c89bf22c984854ac7603573a53b95ed147e80c0f19e549e2b65693
1 GandCrab.exe Ransomware 1 0.00000 0.000000 0.000000 13.172000 13.172000 0.000000 0.00000 0.000000 0.000000 0.000000 0.000000 0.000000 0.000000 0.000000 0.000000 0.0000 0.000000 0.000000 0.000000 0.00000 0.000000 0.000000 0.00000 0.000000 0.000000 0.000 0.000000 0.000000 0.000 0.000000 6.141000 0.000000 0.000000 0.000000 0.000000 0.000000 0.000000 0.00000 0.000000 0.000000 0.000000 0.000000 0.000000 0.000000 0.00000 0.000000 0.000000 0.000000 0.000000 0.0 0.000000 0.0 0.000000 0.000000 0.000 0.00 0.000000 0.000000 0.00000 0.0 0.000000 0.000000 0.000000 0.00 0.0 0.000 0.000000 0.000 0.0 0.0 0.0 0.0 0.0 0.000000 0.00000 0.0000 0.0 0.641000 0.0 0.0 0.0 0.000000 0.0000 0.0 0.000000 0.0 0.000000 0.0 0.0 0.000000 0.0 0.000000 0.000000 0.000000 0.000000 0.000000 0.000000 0.000000 0.000000 0.000000 0.000000 0.000000 0.000000 0.000000 0.0 0.0 0.000000 0.00000 0.000 0.00000 0.0 0.000000 0.000000 0.000000 0.0 0.000 0.00 0.000000 0.0 0.0 0.0 0.0 0.00000 0.000000 0.000000 0.0 0.0 0.000 0.0 0.0 0.00000 7.016000 0.0 0.000000 0.0 0.0 0.0 0.00 0.000000 0 0 0.000000 0.0 0.0 0.000000 0.0 0.0 0.0 0.000000 0.000000 0.0 0.000000 0.0 0.000000 0.0 0.0 0.0 0.0 0.0 0.0 0.000000 0.0 0.000000 0.000000 0.0 0.0 0.0 0.0 0.0 0.0 0.000000 0.000 0.0 0.0 0 0.0 0.000000 0.00000 0.000000 0.00000 0.0 0.000000 0.0 0.0 0.00000 0.000000 0.000000 0.000000 0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.000 0.0 0.000000 0.0 0.000000 0.0 0.0 0.000000 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.000000 0.000000 0.0 0.0 0.0 0 0.0 0.0 0.0 0.0 0.0 0 0.0 0.0 0.0 0.0 0 0.0 0.0 0.0 0.0 0 0.0 0.0 0.0 0.0 0.0 0.000 bfb9db791b8250ffa8ebc48295c5dbbca757a5ed3bbb01de12a871b5cd9afd5a
... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ...
3081 Zeppelin_4e0d1edb76747fd945b87dd18299298f0df719edbea946119d91db59a9b6527a.exe Ransomware 1 87.67075 8.968875 379.464750 150.029499 461.498000 8.717875 77.95225 149.092375 149.092375 459.998875 535.024749 534.868749 534.868749 78.607125 517.481499 76.1410 229.779875 8.952875 78.513625 41.01575 80.077250 143.748874 41.01375 78.700625 7.124875 0.047 211.952625 287.313625 0.000 68.892499 514.122249 8.859875 66.012875 7.077875 237.921624 6.702875 306.502500 40.98375 518.730249 297.361750 213.405375 301.112750 293.060375 66.281250 73.64125 286.233875 510.715625 63.968500 310.688751 0.0 237.921624 0.0 6.859875 289.406375 0.312 0.25 7.140875 54.937875 151.33975 0.0 7.124875 70.436125 138.891125 2.25 0.0 0.000 31.937375 3.875 0.0 0.0 0.0 0.0 0.0 42.437375 137.75025 137.4215 0.0 523.235250 0.0 0.0 0.0 0.905875 137.3905 0.0 65.672875 0.0 20.716375 0.0 0.0 255.750376 0.0 20.406125 20.375125 20.375125 54.297125 20.375125 17.813125 17.766125 29.969375 138.188125 17.765125 65.000125 138.391125 30.328375 0.0 0.0 0.124375 221.87450 0.000 68.26675 0.0 0.936875 33.422375 33.422375 0.0 32.203 2.25 69.203125 0.0 0.0 0.0 0.0 27.50025 65.579375 6.781875 0.0 0.0 0.000 0.0 0.0 64.37525 7.139875 0.0 34.469125 0.0 0.0 0.0 2.25 76.794625 0 0 138.141375 0.0 0.0 54.953875 0.0 0.0 0.0 34.469125 140.297375 0.0 35.922500 0.0 6.765875 0.0 0.0 0.0 0.0 0.0 0.0 64.000375 0.0 256.297000 6.764875 0.0 0.0 0.0 0.0 0.0 0.0 66.094750 0.000 0.0 0.0 0 0.0 0.124375 35.35900 64.688125 35.59425 0.0 6.749875 0.0 0.0 1.26650 37.813125 15.187125 35.141125 0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.141 0.0 0.015375 0.0 110.813125 0.0 0.0 133.918375 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 110.813125 15.187125 0.0 0.0 0.0 0 0.0 0.0 0.0 0.0 0.0 0 0.0 0.0 0.0 0.0 0 0.0 0.0 0.0 0.0 0 0.0 0.0 0.0 0.0 0.0 0.156 4e0d1edb76747fd945b87dd18299298f0df719edbea946119d91db59a9b6527a
3082 Zeppelin_eb920e0fc0c360abb901e04dce172459b63bbda3ab8152350885db4b44d63ce5.exe Ransomware 1 2.89075 0.000000 214.782875 67.938625 339.157374 0.000000 4.40750 66.080000 66.080000 337.016749 352.314874 352.000874 352.000874 46.795500 324.392375 4.4075 202.232999 0.000000 47.187250 0.01500 66.905875 47.250250 0.00000 47.187250 0.000000 0.000 180.549250 133.314499 0.000 67.657625 341.406625 0.000000 15.172125 0.000000 149.858625 0.000000 199.314625 0.00000 325.171375 200.314125 180.374500 199.375875 196.764750 10.452375 0.01500 181.331750 322.078249 64.202625 182.842875 0.0 139.389750 0.0 0.000000 247.188625 0.000 0.00 0.000000 0.000000 9.68600 0.0 0.000000 64.878000 66.593000 0.00 0.0 0.000 0.000000 0.000 0.0 0.0 0.0 0.0 0.0 15.172125 66.59300 66.6250 0.0 336.795125 0.0 0.0 0.0 0.000000 66.5470 0.0 3.094125 0.0 0.000000 0.0 0.0 131.859125 0.0 20.390125 20.390125 20.390125 63.609125 20.390125 17.813125 17.766125 20.344125 130.749625 17.765125 0.594250 128.202625 17.797125 0.0 0.0 0.578250 183.03125 0.000 13.07775 0.0 0.000000 0.000000 0.000000 0.0 0.000 0.00 13.062750 0.0 0.0 0.0 0.0 0.00000 0.172250 0.000000 0.0 0.0 0.000 0.0 0.0 0.00000 0.000000 0.0 36.266125 0.0 0.0 0.0 0.00 0.593250 0 0 0.000000 0.0 0.0 64.202625 0.0 0.0 0.0 36.266125 0.016000 0.0 15.172125 0.0 0.000000 0.0 0.0 0.0 0.0 0.0 0.0 0.484750 0.0 182.327875 0.000000 0.0 0.0 0.0 0.0 0.0 0.0 2.780875 0.000 0.0 0.0 0 0.0 0.594250 0.46925 0.438250 0.10925 0.0 0.000000 0.0 0.0 2.37475 39.594125 15.172125 36.938125 0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.000 0.0 0.110250 0.0 113.172125 0.0 0.0 7.828000 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 113.172125 15.172125 0.0 0.0 0.0 0 0.0 0.0 0.0 0.0 0.0 0 0.0 0.0 0.0 0.0 0 0.0 0.0 0.0 0.0 0 0.0 0.0 0.0 0.0 0.0 0.000 eb920e0fc0c360abb901e04dce172459b63bbda3ab8152350885db4b44d63ce5

3083 rows × 284 columns

Created by: VHUHWAVHO
Downloaded 5 times
June 25, 2024, 4:24 p.m.

Contact Us

Department of Computer Science, University of Pretoria

Loading
Your message has been sent. Thank you!