MyCERT has been developing a few analysis tools for reversing. MySuntikanAPI is still an alpha version and needs more improvement. Every hooked API captures detailed information so that we don't miss any behaviour, especially in malware samples.
The API hooking used here is the same technique as IAT hooking. One of the tools we created is called 'MySuntikanAPI'. It is used to hook APIs and collect API call information from a process. Here is a sample result after hooking notepad.exe.
For every hooked API in the targeted process, the tool captures the argument buffers (where present) to retrieve information from calls such as GetTempFileName(), CreateFile(), DeleteFileA() and so on. The log file is saved for later analysis. The tool will be integrated into our sandbox as one of its components. It comes as two files: MySuntikanAPI.exe (the injector) and MySuntikanAPI.dll (the DLL to be injected).
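As an added illustration of the mechanism the post describes (this is not MySuntikanAPI's code and does not touch a real PE import table), the following portable C model shows what an IAT hook does: the process calls the API through a table of function pointers, the hook saves the original pointer, overwrites the slot with a wrapper, and the wrapper copies the argument buffer into a log before forwarding the call. The API names, the handle value 42 and the path `C:\Temp\drop.tmp` are constructed for the example.

```c
#include <stdio.h>
#include <string.h>

/* Model of an import address table: the loader fills an array of function
 * pointers and the program always calls through the table. IAT hooking
 * overwrites one slot with a wrapper that logs and then forwards. */
typedef int (*create_file_fn)(const char *path, unsigned access);
typedef int (*delete_file_fn)(const char *path);

/* Stand-ins for the real OS exports (constructed behaviour). */
static int real_create_file(const char *path, unsigned access) {
    (void)path; (void)access;
    return 42;                     /* constructed handle value */
}
static int real_delete_file(const char *path) {
    (void)path;
    return 1;                      /* "success" */
}

/* The modelled IAT of the target process. */
struct import_table {
    create_file_fn CreateFileA;
    delete_file_fn DeleteFileA;
};
static struct import_table iat = { real_create_file, real_delete_file };

/* Originals saved at hook time so the wrappers can forward the call. */
static create_file_fn orig_create_file;
static delete_file_fn orig_delete_file;

/* Captured log, one formatted line per hooked call. */
#define LOG_MAX 16
static char api_log[LOG_MAX][128];
static int api_log_count;

static void log_call(const char *line) {
    if (api_log_count < LOG_MAX) {
        strncpy(api_log[api_log_count], line, sizeof api_log[0] - 1);
        api_log[api_log_count][sizeof api_log[0] - 1] = '\0';
        api_log_count++;
    }
}

/* Hook wrappers: capture the argument buffer, forward, record the result. */
static int hooked_create_file(const char *path, unsigned access) {
    int h = orig_create_file(path, access);
    char line[128];
    snprintf(line, sizeof line, "CreateFileA(\"%s\", 0x%x) = %d", path, access, h);
    log_call(line);
    return h;
}
static int hooked_delete_file(const char *path) {
    int ok = orig_delete_file(path);
    char line[128];
    snprintf(line, sizeof line, "DeleteFileA(\"%s\") = %d", path, ok);
    log_call(line);
    return ok;
}

/* Install: save originals, then patch the table slots. */
void install_hooks(void) {
    orig_create_file = iat.CreateFileA;
    orig_delete_file = iat.DeleteFileA;
    iat.CreateFileA = hooked_create_file;
    iat.DeleteFileA = hooked_delete_file;
}

/* Remove: restore the saved originals. */
void remove_hooks(void) {
    iat.CreateFileA = orig_create_file;
    iat.DeleteFileA = orig_delete_file;
}

/* The "target process": creates a temp file and deletes it, calling only
 * through its import table. Returns the handle it received. */
int target_workload(void) {
    int h = iat.CreateFileA("C:\\Temp\\drop.tmp", 0x40000000u);
    iat.DeleteFileA("C:\\Temp\\drop.tmp");
    return h;
}

int api_log_lines(void) { return api_log_count; }
const char *api_log_line(int i) {
    return (i >= 0 && i < api_log_count) ? api_log[i] : "";
}

int main(void) {
    install_hooks();
    target_workload();
    remove_hooks();
    for (int i = 0; i < api_log_lines(); i++)
        puts(api_log_line(i));      /* the saved log, one call per line */
    return 0;
}
```

The workload behaves identically with or without the hook because the wrapper forwards to the saved original; only the log differs, which is the property a sandbox component relies on when it records a sample's behaviour without altering it.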