Mobile Platforms
Published in Jithesh Sathyan, Anoop Narayanan, Navin Narayan, K V Shibu, A Comprehensive Guide to Enterprise Mobility, 2016
The most recent version is Windows Mobile 6.5. Windows Mobile is built on the Windows CE 5.2 kernel, is written in C++, and ships with a set of basic applications developed against the Microsoft Windows API. Three editions target different classes of hardware:
Windows Mobile Professional: smartphones with touch screens
Windows Mobile Standard: phones without touch screens
Windows Mobile Classic: Pocket PCs without phone functionality
Big Data Framework for Zero-Day Malware Detection
Published in Cybernetics and Systems, 2018
Dynamically loaded libraries: the list of libraries loaded at load time (before the malware binary starts executing) and at run time (during execution).
Dropped files: the files (with their type, name and size) that the binary writes to disk while executing in the Cuckoo Sandbox.
API calls: Windows API calls perform functions such as memory management, threading and device interaction, and the pattern of calls is a good indicator of malicious behaviour. Cuckoo reports record the function names together with their call sequence, argument values and return values.
Mutex operations: mutex creation events and the names of the mutexes created.
File system operations: the file activity the binary performs while executing, including files read, modified, deleted and replaced.
Registry activities: the registry operations that create, modify or delete keys. The registry is the most common target attackers use to reconfigure the system, for example to weaken its defences or to persist across reboots.
Network activities: a summary of network behaviour such as the IP addresses of hosts the binary attempted to contact, the protocols used, the domain names requested and the corresponding resolution results.
Processes: the name and path of each process the binary creates or terminates.
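The feature groups above are the raw material a detection framework feeds to its classifier. The following is an added example, not code from the paper or from the Cuckoo project, that extracts those eight groups from a Cuckoo JSON report and flattens them into a bag of string tokens (including order-sensitive API-call bigrams). The report is constructed by hand in the layout of a Cuckoo 2.x report.json; the field names used (behavior.processes[].calls[].api, behavior.summary.dll_loaded, dropped[], network.hosts and so on) are assumptions about that layout and differ between Cuckoo versions, so check them against your own reports.

```python
from collections import Counter
import json

# Constructed sample report (hand-written, Cuckoo-2-style layout; not a real run).
SAMPLE_REPORT = json.loads(r'''
{
  "target": {"file": {"name": "invoice.exe"}},
  "behavior": {
    "processes": [
      {"pid": 1234, "process_name": "invoice.exe",
       "process_path": "C:\\Users\\u\\Downloads\\invoice.exe",
       "calls": [
         {"api": "LoadLibraryA", "arguments": {"module_name": "wininet.dll"}, "return_value": 1},
         {"api": "CreateMutexA", "arguments": {"mutex_name": "Global\\xyz_mtx"}, "return_value": 44},
         {"api": "NtWriteFile", "arguments": {"filepath": "C:\\Users\\u\\AppData\\Roaming\\upd.exe"}, "return_value": 0},
         {"api": "RegSetValueExA", "arguments": {"regkey": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\upd",
                                                "value": "C:\\Users\\u\\AppData\\Roaming\\upd.exe"}, "return_value": 0},
         {"api": "InternetOpenUrlA", "arguments": {"url": "http://example.invalid/c2"}, "return_value": 1},
         {"api": "CreateProcessInternalW", "arguments": {"filepath": "C:\\Users\\u\\AppData\\Roaming\\upd.exe"}, "return_value": 1}
       ]},
      {"pid": 1300, "process_name": "upd.exe",
       "process_path": "C:\\Users\\u\\AppData\\Roaming\\upd.exe", "calls": []}
    ],
    "summary": {
      "dll_loaded": ["kernel32.dll", "wininet.dll"],
      "mutex": ["Global\\xyz_mtx"],
      "file_written": ["C:\\Users\\u\\AppData\\Roaming\\upd.exe"],
      "file_deleted": [],
      "regkey_written": ["HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\upd"]
    }
  },
  "dropped": [{"name": "upd.exe", "type": "PE32 executable (GUI) Intel 80386", "size": 40960}],
  "network": {
    "hosts": ["203.0.113.7"],
    "domains": [{"domain": "example.invalid", "ip": "203.0.113.7"}],
    "http": [{"method": "GET", "uri": "http://example.invalid/c2"}]
  }
}
''')

# Registry paths whose values are executed at logon (assumed normalisation, lower-cased).
AUTOSTART_MARKERS = ("\\currentversion\\run", "\\currentversion\\runonce")


def extract_features(report):
    """Pull the eight feature groups listed in the text out of one report dict."""
    beh = report.get("behavior", {})
    summary = beh.get("summary", {})
    procs = beh.get("processes", [])
    net = report.get("network", {})
    return {
        "libraries": sorted({d.lower() for d in summary.get("dll_loaded", [])}),
        "dropped": [(d["name"], d["type"], d["size"]) for d in report.get("dropped", [])],
        # Keep call order across processes: the sequence feeds n-gram features.
        "api_sequence": [c["api"] for p in procs for c in p.get("calls", [])],
        "mutexes": sorted(set(summary.get("mutex", []))),
        "files": {k: list(summary.get(k, [])) for k in ("file_written", "file_deleted")},
        "registry": list(summary.get("regkey_written", [])),
        "network": {"hosts": list(net.get("hosts", [])),
                    "domains": [d["domain"] for d in net.get("domains", [])]},
        "processes": [(p["process_name"].lower(), p["process_path"]) for p in procs],
    }


def api_ngrams(seq, n=2):
    """Count consecutive API-call n-grams, so call order contributes to the vector."""
    return Counter(tuple(seq[i:i + n]) for i in range(len(seq) - n + 1))


def autostart_keys(registry_keys):
    """Return the written keys that sit under a Run/RunOnce autostart location."""
    return [k for k in registry_keys if any(m in k.lower() for m in AUTOSTART_MARKERS)]


def bag_of_tokens(features):
    """Flatten the feature groups into a Counter of string tokens.
    A DictVectorizer or the hashing trick turns this into a sparse vector."""
    tok = Counter()
    for lib in features["libraries"]:
        tok["dll:" + lib] += 1
    for _, ftype, _ in features["dropped"]:
        tok["drop:" + ftype.split()[0].lower()] += 1          # e.g. drop:pe32
    for api in features["api_sequence"]:
        tok["api:" + api] += 1
    for (a, b), count in api_ngrams(features["api_sequence"]).items():
        tok[f"api2:{a}>{b}"] += count
    tok["mutex:count"] = len(features["mutexes"])
    tok["file:written"] = len(features["files"]["file_written"])
    tok["file:deleted"] = len(features["files"]["file_deleted"])
    tok["reg:written"] = len(features["registry"])
    tok["reg:autostart"] = len(autostart_keys(features["registry"]))
    for h in features["network"]["hosts"]:
        tok["net:host:" + h] += 1
    for d in features["network"]["domains"]:
        tok["net:domain:" + d] += 1
    for name, _ in features["processes"]:
        tok["proc:" + name] += 1
    return tok


if __name__ == "__main__":
    for token, count in sorted(bag_of_tokens(extract_features(SAMPLE_REPORT)).items()):
        print(f"{token:55s} {count}")
```

Raw host and domain tokens are useful for clustering samples from one campaign but generalise poorly to unseen zero-day families; for a classifier meant to catch new samples, keep the structural tokens (API names and bigrams, autostart writes, executable drops, child processes) and treat the indicator-style tokens as a separate feature set.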