Research Article
Mal-Netminer: Malware Classification Approach Based on Social Network Analysis of System Call Graph
Table 11
System call dictionary of Trojans.
| Functionality | System call list |
| --- | --- |
| Processor & bus | NtFlushInstructionCache |
| Local procedure call | NtConnectPort, NtRequestWaitReplyPort, NtAlpcConnectPort, and NtAlpcSendWaitReceivePort |
| Memory | NtMapViewOfSection |
| File & general I/O | NtCreateFile, NtQueryInformationFile, and NtCreateIoCompletion |
| Object | NtClose |
| Atoms | NtAddAtom |
| Processes & thread | NtCreateThread, NtResumeThread, NtCreateProcessEx, NtQuerySystemInformation, NtCreateWorkerFactory, and NtQueryInformationProcess |
| Synchronization | NtCreateKeyedEvent and NtCreateMutant |
| Timers & system time | NtCreateTimer |