Auto-Malware-Labeling

Malware analysts need to know the label of each sample they want to analyze.

Two possible ways of reaching this goal are:

  1. Reverse engineering each malware sample to understand its functionality, and then creating a label for it.
  2. Relying on anti-malware vendors, which have teams for this task and label each malware based on a convention.

CARO naming is a standard for malware naming, but none of the companies follows this standard. So I tried to create an application that gets the malware labels from different anti-malware vendors through the VirusTotal API and creates a CARO name for each malware. I developed the application with C# 2012. It can be used for naming malware from different platforms such as Android, Windows, Linux, and Mac, and also for tagging the family of each malware.

You can see some of the words used to unify the names from different vendors in the MalwareDatabase.cs file. I am going to update it continually. I was wondering if you could help me in this matter.

Screenshot of the program: [image: ScreenShot of the program]

The quickest way to start the application is to go to the bin/Debug folder and open the Config.ini file. This configuration file contains 4 things:

  1. VirusTotalAPIKey= The API key you obtained from VirusTotal after creating an account on its web site.
  2. DefaultFilesPath= Path of the malware.
  3. Threashold= If the number of anti-malware vendors that label the sample as malware is more than this threshold, the application considers it malware.
  4. WordThreshold= If the number of usages of a word is more than this threshold, the word will be considered for malware naming.
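How the two thresholds could drive the naming, as an added Python sketch that is not the project's C# code. The vendor names, labels and word lists are constructed for illustration (they are not the contents of MalwareDatabase.cs), and the `type:platform/family` output layout is an assumed CARO-style form.

```python
import re
from collections import Counter

# Hypothetical word lists for illustration (not the contents of MalwareDatabase.cs).
TYPES = {"trojan", "worm", "backdoor", "ransom", "adware"}
PLATFORMS = {"win32", "android", "linux", "osx"}
ALIASES = {"androidos": "android", "troj": "trojan", "w32": "win32"}
NOISE = {"generic", "gen", "heur", "variant", "malware", "agent"}

# Constructed sample: vendor -> label, None meaning "not detected".
SAMPLE = {
    "VendorA": "Trojan:AndroidOS/FakeInst.A",
    "VendorB": "Android.Trojan.FakeInst.BX",
    "VendorC": "Andr/FakeInst-K",
    "VendorD": "HEUR:Trojan-SMS.AndroidOS.FakeInst.gen",
    "VendorE": "Android/Generic.Malware",
    "VendorF": None,
}

def tokens(label):
    """Split one vendor label into normalized words, dropping short/noise words."""
    words = re.split(r"[^a-z0-9]+", label.lower())
    return {ALIASES.get(w, w) for w in words if len(w) > 2} - NOISE

def caro_name(results, threshold, word_threshold):
    """Return 'type:platform/family', or None if too few vendors detect the file."""
    labels = [label for label in results.values() if label]
    if len(labels) <= threshold:          # must be MORE than the threshold
        return None
    # Count each word once per vendor so one verbose label cannot dominate.
    counts = Counter(w for label in labels for w in tokens(label))
    kept = [w for w, n in sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))
            if n > word_threshold]        # must be used MORE than the threshold

    def pick(candidates):
        return next(iter(candidates), "unknown")

    mtype = pick(w for w in kept if w in TYPES)
    platform = pick(w for w in kept if w in PLATFORMS)
    family = pick(w for w in kept if w not in TYPES | PLATFORMS)
    return f"{mtype}:{platform}/{family}"

if __name__ == "__main__":
    print(caro_name(SAMPLE, threshold=3, word_threshold=2))
```

Raising `word_threshold` to 3 drops `trojan` (used by only three vendors) and the type falls back to `unknown`, which shows how the setting trades coverage for agreement.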

Because I used the public API of VirusTotal, it has a limitation of 4 requests per minute. So the application waits for 60 seconds after it submits 4 samples.

To run the application, go to the bin/Debug folder and run VTDemo.exe. You should run it on the Windows platform with .NET Framework 4.5. If you don't have it, you should install it, because you will receive an error without .NET Framework 4.5.

I will be happy if you can give me some feedback about this application.