Baselight

Windows Malwares

A dataset for Windows Portable Executable Samples with four feature sets.

@kaggle.joebeachcapital_windows_malwares


About this Dataset

Windows Malwares

Windows Malware Detection Dataset

A dataset for Windows Portable Executable Samples with four feature sets. It contains four CSV files, one CSV file per feature set.

  1. First feature set (DLLs_Imported.csv file) contains the DLLs imported by each malware family. The first column contains SHA256 values, second column contains the label or family type of the malware while the remaining columns list the names of imported DLLs.
  2. Second feature set (API_Functions.csv file) contains the API functions called by these malware samples, along with their SHA256 hash values and labels.
  3. Third feature set (PE_Header.csv) contains values of 52 fields of PE header. All the fields are labelled in the CSV file.
  4. Fourth feature set (PE_Section.csv file) contains 9 field values of 10 different PE sections. All the fields are labelled in the CSV file.

Malware Type / family Labels:

0=Benign

1=RedLineStealer

2=Downloader

3=RAT

4=BankingTrojan

5=SnakeKeyLogger

6=Spyware

Tables

Api Functions

@kaggle.joebeachcapital_windows_malwares.api_functions
  • 303.46 MB
  • 29505 rows
  • 21920 columns

-- Per-sample API-function feature table (the API_Functions.csv feature set).
-- Each row carries a sample's SHA-256, its class label, and one integer column
-- per API function name.
-- No PRIMARY KEY or NOT NULL is declared, so this schema does not enforce that
-- sha256 is unique or present; check for duplicates and NULLs before joining
-- to the other feature tables.
-- NOTE(review): the page reports 21920 columns for this table, but this listing
-- shows only 100, so treat it as a preview rather than the complete DDL.
CREATE TABLE api_functions (
  "sha256" VARCHAR,  -- SHA-256 hash of the sample; the only key shared with the other tables
  "type" BIGINT,  -- label: 0=Benign, 1=RedLineStealer, 2=Downloader, 3=RAT, 4=BankingTrojan, 5=SnakeKeyLogger, 6=Spyware
  -- Feature columns: lowercased API function names.
  -- NOTE(review): values are presumably 0/1 presence flags (or counts) - confirm against the CSV.
  -- NOTE(review): the other feature sets are static PE fields, so these are
  -- presumably import-table names rather than observed runtime calls - confirm.
  -- If so, APIs that a sample resolves at run time will not appear here.
  -- The ANSI (...a) and wide (...w) variants of one API are separate columns
  -- (e.g. regopenkeyexa / regopenkeyexw, createmutexa / createmutexw); merge them
  -- if the character-set variant is not a signal you want the model to learn.
  "getaclinformation" BIGINT,
  "getace" BIGINT,
  "getsecuritydescriptordacl" BIGINT,
  "regqueryvalueexa" BIGINT,
  "regopenkeyexa" BIGINT,
  "getsecurityinfo" BIGINT,
  "isvalidsid" BIGINT,
  "regclosekey" BIGINT,
  "getexplicitentriesfromacla" BIGINT,
  "getnamedsecurityinfow" BIGINT,
  "convertstringsecuritydescriptortosecuritydescriptorw" BIGINT,
  "isvalidsecuritydescriptor" BIGINT,
  "getsecuritydescriptorgroup" BIGINT,
  "regsetvalueexw" BIGINT,
  "setsecuritydescriptorsacl" BIGINT,
  "getsecuritydescriptorsacl" BIGINT,
  "getsecuritydescriptorowner" BIGINT,
  "setsecuritydescriptorowner" BIGINT,
  "initializesecuritydescriptor" BIGINT,
  "regcreatekeyexw" BIGINT,
  "mapgenericmask" BIGINT,
  "setsecuritydescriptorgroup" BIGINT,
  "regqueryvalueexw" BIGINT,
  "regopenkeyexw" BIGINT,
  "adjusttokenprivileges" BIGINT,
  "lookupprivilegevaluea" BIGINT,
  "gettokeninformation" BIGINT,
  "openprocesstoken" BIGINT,
  "gettraceenablelevel" BIGINT,
  "registertraceguidsa" BIGINT,
  "traceevent" BIGINT,
  "gettraceloggerhandle" BIGINT,
  "gettraceenableflags" BIGINT,
  "istextunicode" BIGINT,
  "makeselfrelativesd" BIGINT,
  "getsidlengthrequired" BIGINT,
  "setsecurityinfo" BIGINT,
  "makeabsolutesd" BIGINT,
  "lookupaccountsidw" BIGINT,
  "getsecuritydescriptorlength" BIGINT,
  "setnamedsecurityinfow" BIGINT,
  "setsecuritydescriptordacl" BIGINT,
  "lookupaccountnamew" BIGINT,
  "getsecuritydescriptorcontrol" BIGINT,
  "getsidsubauthoritycount" BIGINT,
  "setentriesinacla" BIGINT,
  "getsidsubauthority" BIGINT,
  "isvalidacl" BIGINT,
  "getsididentifierauthority" BIGINT,
  "controlservice" BIGINT,
  "queryserviceconfiga" BIGINT,
  "openscmanagera" BIGINT,
  "queryservicestatus" BIGINT,
  "changeserviceconfiga" BIGINT,
  "startservicea" BIGINT,
  "openservicew" BIGINT,
  "deleteservice" BIGINT,
  "closeservicehandle" BIGINT,
  "createservicew" BIGINT,
  "setthreadpriority" BIGINT,
  "terminatethread" BIGINT,
  "virtualallocex" BIGINT,
  "createremotethread" BIGINT,
  "module32nextw" BIGINT,
  "createtoolhelp32snapshot" BIGINT,
  "process32nextw" BIGINT,
  "module32firstw" BIGINT,
  "openthread" BIGINT,
  "process32firstw" BIGINT,
  "thread32next" BIGINT,
  "getexitcodeprocess" BIGINT,
  "readprocessmemory" BIGINT,
  "thread32first" BIGINT,
  "createfilea" BIGINT,
  "resumethread" BIGINT,
  "suspendthread" BIGINT,
  "createmutexw" BIGINT,
  "createfilemappingw" BIGINT,
  "createeventw" BIGINT,
  "releasemutex" BIGINT,
  "getversion" BIGINT,
  "expandenvironmentstringsw" BIGINT,
  "waitnamedpipea" BIGINT,
  "setnamedpipehandlestate" BIGINT,
  "loadlibraryexa" BIGINT,
  "readconsolew" BIGINT,
  "createmutexa" BIGINT,
  "opensemaphorea" BIGINT,
  "createsemaphorea" BIGINT,
  "heapsetinformation" BIGINT,
  "setunhandledexceptionfilter" BIGINT,
  "localalloc" BIGINT,
  "getprocaddress" BIGINT,
  "switchtothread" BIGINT,
  "getcurrentprocessid" BIGINT,
  "deviceiocontrol" BIGINT,
  "openeventa" BIGINT,
  "processidtosessionid" BIGINT
);

Dlls Imported

@kaggle.joebeachcapital_windows_malwares.dlls_imported
  • 2.53 MB
  • 29498 rows
  • 631 columns

-- Per-sample imported-DLL feature table (the DLLs_Imported.csv feature set).
-- Each row carries a sample's SHA-256, its class label, and one integer column
-- per imported DLL name.
-- No PRIMARY KEY or NOT NULL is declared, so this schema does not enforce that
-- sha256 is unique or present; check for duplicates and NULLs before joining
-- to the other feature tables.
-- NOTE(review): the page reports 631 columns for this table, but this listing
-- shows only 100, so treat it as a preview rather than the complete DDL.
CREATE TABLE dlls_imported (
  "sha256" VARCHAR,  -- SHA-256 hash of the sample; the only key shared with the other tables
  "type" BIGINT,  -- label: 0=Benign, 1=RedLineStealer, 2=Downloader, 3=RAT, 4=BankingTrojan, 5=SnakeKeyLogger, 6=Spyware
  -- Feature columns: lowercased DLL names.
  -- NOTE(review): '.' and '-' in the file names appear to have been replaced by '_'
  -- (advapi32_dll, api_ms_win_core_...) - confirm the mapping before matching
  -- these columns against import names extracted by another tool.
  -- NOTE(review): values are presumably 0/1 presence flags - confirm against the CSV.
  "advapi32_dll" BIGINT,
  "kernel32_dll" BIGINT,
  "vspmsg_dll" BIGINT,
  "ole32_dll" BIGINT,
  "oleaut32_dll" BIGINT,
  "psapi_dll" BIGINT,
  "setupapi_dll" BIGINT,
  "shlwapi_dll" BIGINT,
  "pdh_dll" BIGINT,
  "xmllite_dll" BIGINT,
  "msvcr110_dll" BIGINT,
  "user32_dll" BIGINT,
  "msvcrt_dll" BIGINT,
  "shell32_dll" BIGINT,
  "ntdll_dll" BIGINT,
  "api_ms_win_core_winrt_l1_1_0_dll" BIGINT,
  "dui70_dll" BIGINT,
  "windows_ui_immersive_dll" BIGINT,
  "msvcr100_dll" BIGINT,
  "atl100_dll" BIGINT,
  "msvcp100_dll" BIGINT,
  "version_dll" BIGINT,
  "mspdbcore_dll" BIGINT,
  "rpcrt4_dll" BIGINT,
  "secur32_dll" BIGINT,
  "userenv_dll" BIGINT,
  "mpclient_dll" BIGINT,
  "cabinet_dll" BIGINT,
  "comctl32_dll" BIGINT,
  "gdi32_dll" BIGINT,
  "api_ms_win_core_com_l1_1_1_dll" BIGINT,
  "api_ms_win_core_synch_l1_2_0_dll" BIGINT,
  "api_ms_win_core_processthreads_l1_1_2_dll" BIGINT,
  "api_ms_win_core_errorhandling_l1_1_1_dll" BIGINT,
  "api_ms_win_core_libraryloader_l1_2_0_dll" BIGINT,
  "api_ms_win_core_profile_l1_1_0_dll" BIGINT,
  "api_ms_win_core_sysinfo_l1_2_1_dll" BIGINT,
  "api_ms_win_core_string_l1_1_0_dll" BIGINT,
  "api_ms_win_core_registry_l1_1_0_dll" BIGINT,
  "api_ms_win_core_io_l1_1_1_dll" BIGINT,
  "api_ms_win_core_path_l1_1_0_dll" BIGINT,
  "api_ms_win_eventing_provider_l1_1_0_dll" BIGINT,
  "api_ms_win_core_string_l2_1_0_dll" BIGINT,
  "api_ms_win_eventing_controller_l1_1_0_dll" BIGINT,
  "api_ms_win_core_file_l1_2_1_dll" BIGINT,
  "sqlos_dll" BIGINT,
  "netapi32_dll" BIGINT,
  "opends60_dll" BIGINT,
  "sqlmin_dll" BIGINT,
  "sqllang_dll" BIGINT,
  "sqltses_dll" BIGINT,
  "sqldk_dll" BIGINT,
  "api_ms_win_core_rtlsupport_l1_2_0_dll" BIGINT,
  "api_ms_win_core_heap_l2_1_0_dll" BIGINT,
  "api_ms_win_core_heap_l1_2_0_dll" BIGINT,
  "api_ms_win_core_util_l1_1_0_dll" BIGINT,
  "api_ms_win_core_memory_l1_1_2_dll" BIGINT,
  "api_ms_win_core_interlocked_l1_2_0_dll" BIGINT,
  "api_ms_win_core_debug_l1_1_1_dll" BIGINT,
  "api_ms_win_core_handle_l1_1_0_dll" BIGINT,
  "winmm_dll" BIGINT,
  "mfc100u_dll" BIGINT,
  "clusapi_dll" BIGINT,
  "resutils_dll" BIGINT,
  "mpr_dll" BIGINT,
  "crypt32_dll" BIGINT,
  "dbghelp_dll" BIGINT,
  "odbc32_dll" BIGINT,
  "odbcbcp_dll" BIGINT,
  "ws2_32_dll" BIGINT,
  "authz_dll" BIGINT,
  "sspicli_dll" BIGINT,
  "wkscli_dll" BIGINT,
  "netutils_dll" BIGINT,
  "comdlg32_dll" BIGINT,
  "mfc110u_dll" BIGINT,
  "msvcp110_dll" BIGINT,
  "spyxxhk_dll" BIGINT,
  "wtsapi32_dll" BIGINT,
  "instapi110_dll" BIGINT,
  "samcli_dll" BIGINT,
  "nislog_dll" BIGINT,
  "wininet_dll" BIGINT,
  "srvcli_dll" BIGINT,
  "msvcp110_win_dll" BIGINT,
  "api_ms_win_shcore_scaling_l1_1_1_dll" BIGINT,
  "atl110_dll" BIGINT,
  "gdiplus_dll" BIGINT,
  "sqlresourceloader_dll" BIGINT,
  "api_ms_win_core_winrt_string_l1_1_0_dll" BIGINT,
  "spyxxhk_amd64_dll" BIGINT,
  "iphlpapi_dll" BIGINT,
  "msvcr120_clr0400_dll" BIGINT,
  "webengine4_dll" BIGINT,
  "cryptui_dll" BIGINT,
  "dtuparse_dll" BIGINT,
  "mspdb110_dll" BIGINT,
  "sqlncli11_dll" BIGINT
);

Pe Header

@kaggle.joebeachcapital_windows_malwares.pe_header
  • 2.56 MB
  • 29807 rows
  • 54 columns

-- Per-sample PE header feature table (the PE_Header.csv feature set).
-- 54 columns: the sample's SHA-256, its class label, and 52 header fields,
-- all stored as integers with lowercased field names.
-- No PRIMARY KEY or NOT NULL is declared, so this schema does not enforce that
-- sha256 is unique or present; check for duplicates and NULLs before joining
-- to the other feature tables.
-- Every header value is read from the file itself and is therefore controlled
-- by whoever built the sample; treat the fields as features, not as trusted facts.
CREATE TABLE pe_header (
  "sha256" VARCHAR,  -- SHA-256 hash of the sample; the only key shared with the other tables
  "type" BIGINT,  -- label: 0=Benign, 1=RedLineStealer, 2=Downloader, 3=RAT, 4=BankingTrojan, 5=SnakeKeyLogger, 6=Spyware
  -- e_* columns: names match the fields of the MS-DOS header (IMAGE_DOS_HEADER).
  "e_magic" BIGINT,
  "e_cblp" BIGINT,
  "e_cp" BIGINT,
  "e_crlc" BIGINT,
  "e_cparhdr" BIGINT,
  "e_minalloc" BIGINT,
  "e_maxalloc" BIGINT,
  "e_ss" BIGINT,
  "e_sp" BIGINT,
  "e_csum" BIGINT,
  "e_ip" BIGINT,
  "e_cs" BIGINT,
  "e_lfarlc" BIGINT,
  "e_ovno" BIGINT,
  "e_oemid" BIGINT,
  "e_oeminfo" BIGINT,
  "e_lfanew" BIGINT,
  -- machine .. characteristics: names match the COFF file header fields.
  "machine" BIGINT,
  "numberofsections" BIGINT,
  "timedatestamp" BIGINT,  -- NOTE(review): presumably the raw header timestamp (epoch seconds); it can be forged or zeroed, so it is a weak feature - confirm units
  "pointertosymboltable" BIGINT,
  "numberofsymbols" BIGINT,
  "sizeofoptionalheader" BIGINT,
  "characteristics" BIGINT,  -- NOTE(review): presumably the raw flag bitmask; test individual bits rather than comparing magnitudes
  -- magic onward: names match the optional header fields.
  "magic" BIGINT,
  "majorlinkerversion" BIGINT,
  "minorlinkerversion" BIGINT,
  "sizeofcode" BIGINT,
  "sizeofinitializeddata" BIGINT,
  "sizeofuninitializeddata" BIGINT,
  "addressofentrypoint" BIGINT,
  "baseofcode" BIGINT,
  "imagebase" BIGINT,
  "sectionalignment" BIGINT,
  "filealignment" BIGINT,
  "majoroperatingsystemversion" BIGINT,
  "minoroperatingsystemversion" BIGINT,
  "majorimageversion" BIGINT,
  "minorimageversion" BIGINT,
  "majorsubsystemversion" BIGINT,
  "minorsubsystemversion" BIGINT,
  "reserved1" BIGINT,
  "sizeofimage" BIGINT,
  "sizeofheaders" BIGINT,
  "checksum" BIGINT,  -- header checksum field; unrelated to the sha256 column
  "subsystem" BIGINT,
  "dllcharacteristics" BIGINT,  -- NOTE(review): presumably the raw flag bitmask; decode bits before use
  "sizeofstackreserve" BIGINT,
  "sizeofheapreserve" BIGINT,
  "sizeofheapcommit" BIGINT,
  "loaderflags" BIGINT,
  "numberofrvaandsizes" BIGINT
);

Pe Section

@kaggle.joebeachcapital_windows_malwares.pe_section
  • 2.73 MB
  • 29760 rows
  • 92 columns

-- Per-sample PE section feature table (the PE_Section.csv feature set).
-- 92 columns: the sample's SHA-256, its class label, and 9 section-header
-- fields for each of 10 named sections (text, data, rdata, bss, idata, edata,
-- rsrc, reloc, tls, pdata), named <section>_<field>.
-- No PRIMARY KEY or NOT NULL is declared, so this schema does not enforce that
-- sha256 is unique or present; check for duplicates and NULLs before joining
-- to the other feature tables.
-- NOTE(review): the schema has columns only for these 10 section names. How a
-- sample that lacks one of them, or that uses other section names, is encoded
-- is not shown here (presumably 0 or NULL) - confirm against the CSV, because
-- an all-empty row may itself be a signal and should not be silently imputed.
-- NOTE(review): *_characteristics is presumably the raw section flag bitmask;
-- test individual bits rather than treating the integer as a magnitude.
CREATE TABLE pe_section (
  "sha256" VARCHAR,  -- SHA-256 hash of the sample; the only key shared with the other tables
  "type" BIGINT,  -- label: 0=Benign, 1=RedLineStealer, 2=Downloader, 3=RAT, 4=BankingTrojan, 5=SnakeKeyLogger, 6=Spyware
  -- text section
  "text_misc_virtualsize" BIGINT,
  "text_virtualaddress" BIGINT,
  "text_sizeofrawdata" BIGINT,
  "text_pointertorawdata" BIGINT,
  "text_pointertorelocations" BIGINT,
  "text_pointertolinenumbers" BIGINT,
  "text_numberofrelocations" BIGINT,
  "text_numberoflinenumbers" BIGINT,
  "text_characteristics" BIGINT,
  -- data section
  "data_misc_virtualsize" BIGINT,
  "data_virtualaddress" BIGINT,
  "data_sizeofrawdata" BIGINT,
  "data_pointertorawdata" BIGINT,
  "data_pointertorelocations" BIGINT,
  "data_pointertolinenumbers" BIGINT,
  "data_numberofrelocations" BIGINT,
  "data_numberoflinenumbers" BIGINT,
  "data_characteristics" BIGINT,
  -- rdata section
  "rdata_misc_virtualsize" BIGINT,
  "rdata_virtualaddress" BIGINT,
  "rdata_sizeofrawdata" BIGINT,
  "rdata_pointertorawdata" BIGINT,
  "rdata_pointertorelocations" BIGINT,
  "rdata_pointertolinenumbers" BIGINT,
  "rdata_numberofrelocations" BIGINT,
  "rdata_numberoflinenumbers" BIGINT,
  "rdata_characteristics" BIGINT,
  -- bss section
  "bss_misc_virtualsize" BIGINT,
  "bss_virtualaddress" BIGINT,
  "bss_sizeofrawdata" BIGINT,
  "bss_pointertorawdata" BIGINT,
  "bss_pointertorelocations" BIGINT,
  "bss_pointertolinenumbers" BIGINT,
  "bss_numberofrelocations" BIGINT,
  "bss_numberoflinenumbers" BIGINT,
  "bss_characteristics" BIGINT,
  -- idata section
  "idata_misc_virtualsize" BIGINT,
  "idata_virtualaddress" BIGINT,
  "idata_sizeofrawdata" BIGINT,
  "idata_pointertorawdata" BIGINT,
  "idata_pointertorelocations" BIGINT,
  "idata_pointertolinenumbers" BIGINT,
  "idata_numberofrelocations" BIGINT,
  "idata_numberoflinenumbers" BIGINT,
  "idata_characteristics" BIGINT,
  -- edata section
  "edata_misc_virtualsize" BIGINT,
  "edata_virtualaddress" BIGINT,
  "edata_sizeofrawdata" BIGINT,
  "edata_pointertorawdata" BIGINT,
  "edata_pointertorelocations" BIGINT,
  "edata_pointertolinenumbers" BIGINT,
  "edata_numberofrelocations" BIGINT,
  "edata_numberoflinenumbers" BIGINT,
  "edata_characteristics" BIGINT,
  -- rsrc section
  "rsrc_misc_virtualsize" BIGINT,
  "rsrc_virtualaddress" BIGINT,
  "rsrc_sizeofrawdata" BIGINT,
  "rsrc_pointertorawdata" BIGINT,
  "rsrc_pointertorelocations" BIGINT,
  "rsrc_pointertolinenumbers" BIGINT,
  "rsrc_numberofrelocations" BIGINT,
  "rsrc_numberoflinenumbers" BIGINT,
  "rsrc_characteristics" BIGINT,
  -- reloc section
  "reloc_misc_virtualsize" BIGINT,
  "reloc_virtualaddress" BIGINT,
  "reloc_sizeofrawdata" BIGINT,
  "reloc_pointertorawdata" BIGINT,
  "reloc_pointertorelocations" BIGINT,
  "reloc_pointertolinenumbers" BIGINT,
  "reloc_numberofrelocations" BIGINT,
  "reloc_numberoflinenumbers" BIGINT,
  "reloc_characteristics" BIGINT,
  -- tls section
  "tls_misc_virtualsize" BIGINT,
  "tls_virtualaddress" BIGINT,
  "tls_sizeofrawdata" BIGINT,
  "tls_pointertorawdata" BIGINT,
  "tls_pointertorelocations" BIGINT,
  "tls_pointertolinenumbers" BIGINT,
  "tls_numberofrelocations" BIGINT,
  "tls_numberoflinenumbers" BIGINT,
  "tls_characteristics" BIGINT,
  -- pdata section
  "pdata_misc_virtualsize" BIGINT,
  "pdata_virtualaddress" BIGINT,
  "pdata_sizeofrawdata" BIGINT,
  "pdata_pointertorawdata" BIGINT,
  "pdata_pointertorelocations" BIGINT,
  "pdata_pointertolinenumbers" BIGINT,
  "pdata_numberofrelocations" BIGINT,
  "pdata_numberoflinenumbers" BIGINT,
  "pdata_characteristics" BIGINT
);
