data/html/sections/behavior.html
<section id="behavior">
<div class="page-header">
<h1>Behavior Analysis <small>details on the malware execution</small></h1>
</div>
%if behavior["summary"]:
<h2>Summary</h2>
<div class="well">
<h3>Files</h3>
%if behavior["summary"]["files"]:
<ul>
%for file in behavior["summary"]["files"]:
<li><span class="mono">${file}</span></li>
%endfor
</ul>
%else:
Nothing to display.
%endif
</div>
<div class="well">
<h3>Mutexes</h3>
%if behavior["summary"]["mutexes"]:
<ul>
%for mutex in behavior["summary"]["mutexes"]:
<li><span class="mono">${mutex}</span></li>
%endfor
</ul>
%else:
Nothing to display.
%endif
</div>
<div class="well">
<h3>Registry Keys</h3>
%if behavior["summary"]["keys"]:
<ul>
%for key in behavior["summary"]["keys"]:
<li><span class="mono">${key}</span></li>
%endfor
</ul>
%else:
Nothing to display.
%endif
</div>
%endif
<h2>Processes</h2>
%if behavior["processes"]:
%for process in behavior["processes"]:
<div>
<h3><a href="javascript:showHide('process_${process["process_id"]}');">${process["process_name"]}</a> <small>PID: ${process["process_id"]}, Parent PID: ${process["parent_id"]}</small></h3>
<div id="process_${process["process_id"]}" style="display: none;">
<table class="table table-striped table-bordered table-condensed">
<tr>
<th>Timestamp</th>
<th>Thread</th>
<th>Function</th>
<th>Arguments</th>
<th>Status</th>
<th>Return</th>
<th>Repeated</th>
</tr>
%for i, call in enumerate(process["calls"]):
<tr>
<td>${call["timestamp"][11:]}</td>
<td>${call["thread_id"]}</td>
<td><span class="mono">${call["api"]}</span></td>
<td>
%for argument in call["arguments"]:
${argument["name"]} => <span class="mono">${argument["value"]}</span><br />
%endfor
</td>
<td>${call["status"]}</td>
<td>${call["return"]}</td>
<td>
%if call["repeated"] and call["repeated"] > 0:
${call["repeated"]}
%if call["repeated"] == 1:
time
%elif call["repeated"] > 1:
times
%endif
%endif
</td>
</tr>
%endfor
</table>
</div>
</div>
%endfor
%else:
Nothing to display.
%endif
</section>