Monitoring API Calls on Windows with Maltrap
MalTrap is a research utility that monitors malware behavior by intercepting API calls on Windows and logging the results. Though it is still in its alpha release and sparse on features, it's a very interesting and useful tool. The video below contains a demo of MalTrap run on VNC and Winamp. I demonstrate how the network activity can be detected using the logging information created by MalTrap.

I have a couple of requests for the Maltrap team:

1. Make your software open source so others can contribute
2. Allow users to select which API calls they want to monitor and have logged
3. Allow a search feature on the logging dump (the workaround right now is to use Notepad)
4. Allow a Matrix-style freezing of the API calls so that users can tamper with the inputs to the call or the output from the call

Anyway, it's a great tool and I would highly recommend that you all try it. You can download it here.
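As an added example (not code from the original post or from the MalTrap project), the script below shows the two things discussed above: picking network activity out of an API-call log, and searching a log dump without opening it in Notepad. MalTrap's real log layout is not shown on this page, so the `module!function(args) -> retval` line format, the sample log lines and the `NETWORK_APIS` list are all constructed assumptions for the demo.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed sample log in an assumed "module!function(args) -> retval" layout.
# The endpoints (RFC 5737 test addresses, VNC port 5900) are made up for the demo.
SAMPLE_LOG = """\
[pid 1840] kernel32!CreateFileW(name="C:\\Users\\demo\\AppData\\Roaming\\winamp.ini", access=0x80000000) -> 0x1a8
[pid 1840] ws2_32!WSAStartup(version=0x0202) -> 0
[pid 1840] ws2_32!socket(af=2, type=1, proto=6) -> 0x1c4
[pid 1840] ws2_32!connect(s=0x1c4, addr=192.0.2.10:5900) -> 0
[pid 1840] ws2_32!send(s=0x1c4, len=12) -> 12
[pid 1840] ws2_32!recv(s=0x1c4, len=4096) -> 1024
[pid 1840] ws2_32!connect(s=0x1c4, addr=198.51.100.7:80) -> -1
[pid 1840] kernel32!CloseHandle(h=0x1a8) -> 1
"""

# Winsock and WinINet entry points whose presence in a trace indicates network activity.
# This list is an assumption; extend it for the APIs your tracer actually hooks.
NETWORK_APIS = {
    "WSAStartup", "socket", "connect", "WSAConnect", "send", "WSASend",
    "recv", "WSARecv", "bind", "listen", "accept", "gethostbyname",
    "getaddrinfo", "InternetOpenA", "InternetConnectA", "HttpSendRequestA",
}

LINE_RE = re.compile(
    r"^\[pid (?P<pid>\d+)\] (?P<module>\w+)!(?P<func>\w+)\((?P<args>.*)\) -> (?P<ret>-?\w+)$"
)
# key=value pairs; quoted values may contain commas and escaped characters.
ARG_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|[^,]+)')


@dataclass
class ApiCall:
    pid: int
    module: str
    func: str
    args: Dict[str, str]
    ret: str


def parse_log(text: str) -> List[ApiCall]:
    """Parse every line that fits the assumed layout; unknown lines are skipped."""
    calls = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        args = {k: v.strip('"') for k, v in ARG_RE.findall(m.group("args"))}
        calls.append(ApiCall(int(m.group("pid")), m.group("module"),
                             m.group("func"), args, m.group("ret")))
    return calls


def network_calls(calls: List[ApiCall]) -> List[ApiCall]:
    """Keep only calls into the network API set."""
    return [c for c in calls if c.func in NETWORK_APIS]


def remote_endpoints(calls: List[ApiCall]) -> List[Tuple[str, bool]]:
    """(addr, succeeded) for each connect-style call; Winsock returns 0 on success."""
    out = []
    for c in calls:
        if c.func in ("connect", "WSAConnect") and "addr" in c.args:
            out.append((c.args["addr"], c.ret == "0"))
    return out


def search(calls: List[ApiCall], pattern: str) -> List[ApiCall]:
    """Case-insensitive regex search over 'module!func' and every argument value."""
    rx = re.compile(pattern, re.IGNORECASE)
    return [c for c in calls
            if rx.search(f"{c.module}!{c.func}")
            or any(rx.search(v) for v in c.args.values())]


if __name__ == "__main__":
    calls = parse_log(SAMPLE_LOG)
    print(f"{len(network_calls(calls))} of {len(calls)} calls touch the network")
    for addr, ok in remote_endpoints(calls):
        print(f"connect to {addr}: {'ok' if ok else 'failed'}")
    for c in search(calls, "winamp"):
        print(f"search hit: {c.module}!{c.func} {c.args}")
```

Feeding a real dump into `parse_log` only requires adjusting `LINE_RE` to the tracer's actual layout; the detection and search logic above it stays the same. Note that a failed `connect` (return value -1) is still evidence of intent to reach a host, which is why `remote_endpoints` reports it rather than dropping it.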

Author
Vivek Ramachandran

Vivek Ramachandran is a security evangelist and has been working in computer security related fields for the past 7 years. In 2007, Vivek spoke at the world renowned conferences Defcon (WEP Cloaking Exposed) and Toorcon (The Caffe Latte Attack). The discovery of the Caffe Latte Attack was covered by news agencies such as CBS5 News, BBC Online and Network World. In 2006, Vivek was announced as one of the winners of the Microsoft Security Shootout contest held in India among 65,000 participants. He has also been a recipient of a Team Achievement award at Cisco Systems for his work on the 802.1x and Port Security modules on the Catalyst 6500 switches. Currently he spends all of his time maintaining Security-Freak.Net and SecurityTube.Net, and is the co-founder of Axonize. Vivek holds a Bachelor's degree in Electronics and Communications Engineering from the prestigious Indian Institute of Technology, Guwahati. You can contact him at vivek[at]securitytube.net

 
©2007 Freak Labs