Dataset Open Access

Dynamic Malware Analysis kernel and user-level calls

Matthew Nunes

MARC21 XML Export

<?xml version='1.0' encoding='UTF-8'?>
<record xmlns="">
  <datafield tag="041" ind1=" " ind2=" ">
    <subfield code="a">eng</subfield>
  </datafield>
  <controlfield tag="005">20200124192403.0</controlfield>
  <controlfield tag="001">1203289</controlfield>
  <datafield tag="856" ind1="4" ind2=" ">
    <subfield code="s">14638588754</subfield>
    <subfield code="z">md5:070528130fc81478a77c763558530f6b</subfield>
    <subfield code="u"></subfield>
  </datafield>
  <datafield tag="856" ind1="4" ind2=" ">
    <subfield code="s">434907463</subfield>
    <subfield code="z">md5:d4e4abb2d37353d22f80662864e03ea4</subfield>
    <subfield code="u"></subfield>
  </datafield>
  <datafield tag="542" ind1=" " ind2=" ">
    <subfield code="l">open</subfield>
  </datafield>
  <datafield tag="260" ind1=" " ind2=" ">
    <subfield code="c">2018-03-19</subfield>
  </datafield>
  <datafield tag="909" ind1="C" ind2="O">
    <subfield code="p">openaire_data</subfield>
    <subfield code="o"></subfield>
  </datafield>
  <datafield tag="100" ind1=" " ind2=" ">
    <subfield code="u">Main Author</subfield>
    <subfield code="a">Matthew Nunes</subfield>
  </datafield>
  <datafield tag="245" ind1=" " ind2=" ">
    <subfield code="a">Dynamic Malware Analysis kernel and user-level calls</subfield>
  </datafield>
  <datafield tag="540" ind1=" " ind2=" ">
    <subfield code="u"></subfield>
    <subfield code="a">Creative Commons Attribution 4.0 International</subfield>
  </datafield>
  <datafield tag="650" ind1="1" ind2="7">
    <subfield code="a">cc-by</subfield>
    <subfield code="2"></subfield>
  </datafield>
  <datafield tag="520" ind1=" " ind2=" ">
    <subfield code="a">&lt;p&gt;This dataset contains the data collected from Cuckoo and our own kernel driver after running 1000 malicious and 1000 clean samples.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;The Kernel Driver folder contains subfolders that hold the API-calls from clean and malicious data. The folders holding data from running clean samples are&amp;nbsp;ProcessIdClean, ProcessIdCleanHippo, ProcessIdCleanPippo, ProcessIdCleanZero. The folders holding data from running malicious samples are ProcessIdVirusShare500 and ProcessIdVirusShare1000. Within these folders are folders labeled as numbers with each number representing the running of a different sample. Within each run is a text file for each system call monitored (the text file&amp;#39;s name is the system call&amp;#39;s name that it contains the calls for). A new line is added to the file every time that system call is called.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;In the Cuckoo folder, the subfolders containing clean data are CuckooClean, CuckooCleanHippo, and CuckooCleanPippo. CuckooVirusShare contains all of the results from running malware. These folders contain the standard data that Cuckoo offers.&lt;/p&gt;</subfield>
  </datafield>
  <datafield tag="773" ind1=" " ind2=" ">
    <subfield code="n">doi</subfield>
    <subfield code="i">isVersionOf</subfield>
    <subfield code="a">10.5281/zenodo.1203288</subfield>
  </datafield>
  <datafield tag="024" ind1=" " ind2=" ">
    <subfield code="a">10.5281/zenodo.1203289</subfield>
    <subfield code="2">doi</subfield>
  </datafield>
  <datafield tag="980" ind1=" " ind2=" ">
    <subfield code="a">dataset</subfield>
  </datafield>
</record>

Statistics (all versions / this version)
Views: 3,792 / 3,790
Downloads: 8,387 / 8,387
Data volume: 111.2 TB / 111.2 TB
Unique views: 3,466 / 3,464
Unique downloads: 1,352 / 1,352
Unique downloads 1,3521,352

