Ransomware/Benignware System Calls

Published: 4 August 2023| Version 3 | DOI: 10.17632/kbt8xt3678.3


This is a collection of System calls of 270 Ransomware of different family and 270 Benignware of various categories. This data is collected by running the collected samples in Windows 10 within a virtual machine using API Monitor. The dataset contains the following files : 1- List of Ransomware.xlsx : List of Ransomware Hash 2- List of Benign applications.xlsx : List of Benignware 3- dataset - System calls.zip: The collected System calls 4- dataset - output.csv : The output vector 5- Ransomwares Syscall CSV : The collected raw system calls of Ransomware


Steps to reproduce

1- Download indicated Ransomware in "List of Ransomware.xlsx" using their Hash code from Any.Run, VirusShare, VirusTotal, and Free Automated Malware Analysis Service / Hybrid Analysis. 2- Download the Benignware from the indicated URL in the file "List of Benign applications.xlsx". 3- Install Windows 10 in a virtual machine. 4- install and configure INetSim. 5- Run each sample in a clean session of Windows. 6- Collect the system calls: 6.1- Save the resulted file from API monitor 6.2- Convert it to CSV 7- Create the dataset : 7.1- Within each collected CSV, delete the API calls parameters and calculate the number of calls of each API. 7.2- group together the cleaned CSVs.


Universite Badji Mokhtar Annaba


Cybersecurity, Classifier Evaluation, Cyber Attack