[ { "title": "Malware family identification using profile signatures", "publication_date": "2015/15/09", "number": "09542556", "url": "/2015/09/15/malware-family-identification-using-profile-signatures2/", "abstract": "A potential malware sample is received from a security device at a server associated with a security cloud service. The sample is executed in a sandbox environment on the server, including by monitoring interaction of the sample with an application program interface (API), provided by the sandbox environment, in order to obtain an API log. It is determined whether the sample is associated with a known malware family including by determining, based at least in part on the API log, if the sample created an executable file and if the sample registered the executable file in a run key. If it is determined that the sample is associated with a known malware family, then an alert is generated.", "owner": "Palo Alto Networks, Inc.", "owner_city": "Santa Clara", "owner_country": "US" } ]