Added API call details when signature matches

brad-sp · Nov 2, 2015 · a625e90 · a625e90
1 parent 3f19894
commit a625e90
Show file tree

Hide file tree

Showing 3 changed files with 3 additions and 0 deletions.
diff --git a/modules/signatures/andromeda_apis.py b/modules/signatures/andromeda_apis.py
@@ -39,6 +39,7 @@ def on_call(self, call, process):
         try:
             eventname_int = int(eventname)
             if self.sysvolserial and eventname_int == self.sysvolserial ^ 0x696e6a63: # 'injc'
+                self.add_match(process, 'api', call)
                 return True
         except:
             pass
diff --git a/modules/signatures/antiav_avast_libs.py b/modules/signatures/antiav_avast_libs.py
@@ -29,4 +29,5 @@ class AvastDetectLibs(Signature):
     def on_call(self, call, process):
         dllname = self.get_argument(call, "FileName")
         if "snxhk" in dllname.lower():
+            self.add_match(process, 'api', call)
             return True
diff --git a/modules/signatures/antiav_bitdefender_libs.py b/modules/signatures/antiav_bitdefender_libs.py
@@ -29,4 +29,5 @@ class BitdefenderDetectLibs(Signature):
     def on_call(self, call, process):
         dllname = self.get_argument(call, "FileName")
         if "avcuf32" in dllname.lower():
+            self.add_match(process, 'api', call)
             return True