Hackers of India

FRISPY

Tejas Girme, Parmanand Mishra

2020/03/06

Abstract

FriSpy was developed to address the lack of an easily configurable and intelligent open source API monitoring tool. FriSpy uses the dynamic instrumentation toolkit "FRIDA" to monitor a process.

Following are the features of FriSpy that make it a good addition to a malware researcher's arsenal:

- Plug and play: FriSpy is easy to deploy and use.
- User Controlled Execution: The user can modify the arguments and return value of APIs to control the flow of the process.
- Configuration based monitoring: Provides the ability to specify which APIs to monitor.
- Profile based monitoring: In addition to the above feature, FriSpy also provides readily available configurations for different types of malware, e.g. ransomware, process code injectors, etc.
- Argument Dump: Provides the ability to dump the arguments of an API.
- User Interface: Streams the behavior of the executable as driven by API execution and lists the extracted behavior indicators.
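The configuration- and profile-driven hooking described above, as an added Python illustration that is not FriSpy's own code: a profile of APIs is compiled into a Frida agent script that dumps arguments (and can force a return value), and a host-side message handler turns those dumps into behavior indicators. The profile contents, the `READERS` table and the `Monitor` class are this example's assumptions; only Frida's `Interceptor`, `Module` and `NativePointer` calls and the Python bindings' `attach`/`create_script`/`on`/`load` are real API.

```python
"""Config-driven API monitor in the spirit of FriSpy (added illustration, not FriSpy's code)."""

# Constructed profile: "module!export" -> argument types to dump, the behaviour indicator
# it maps to, and optionally a forced return value (user-controlled execution).
RANSOMWARE_PROFILE = {
    "kernel32.dll!DeleteFileW": {"args": ["wstr"], "indicator": "deletes files"},
    "advapi32.dll!CryptEncrypt": {"args": ["ptr", "ptr", "int"], "indicator": "uses CryptoAPI encryption"},
    "kernel32.dll!IsDebuggerPresent": {"args": [], "indicator": "checks for a debugger", "force_retval": "0x0"},
}

# Frida NativePointer accessors used on the agent side to dump each argument type.
READERS = {"wstr": "args[{i}].readUtf16String()", "int": "args[{i}].toInt32()", "ptr": "args[{i}].toString()"}


def build_agent(profile):
    """Turn a profile into a Frida agent script: one Interceptor.attach per API."""
    hooks = []
    for name, spec in profile.items():
        module, export = name.split("!")
        dumps = ", ".join("%d: %s" % (i, READERS[t].format(i=i)) for i, t in enumerate(spec["args"]))
        leave = "retval.replace(ptr(%r)); " % spec["force_retval"] if "force_retval" in spec else ""
        hooks.append(
            "Interceptor.attach(Module.getExportByName(%r, %r), {\n"
            "  onEnter(args) { send({api: %r, args: {%s}}); },\n"
            "  onLeave(retval) { %ssend({api: %r, retval: retval.toString()}); }\n"
            "});" % (module, export, name, dumps, leave, name))
    return "\n".join(hooks)


class Monitor:
    def __init__(self, profile):
        self.profile, self.events, self.indicators = profile, [], set()

    def handle(self, message, data=None):
        """Frida 'message' callback: keep every dump and derive behaviour indicators from it."""
        if message.get("type") != "send":  # agent errors and unrelated messages are ignored
            return
        payload = message["payload"]
        self.events.append(payload)
        if "args" in payload:  # onEnter dump; the onLeave dump carries only the return value
            self.indicators.add(self.profile[payload["api"]]["indicator"])

    def attach(self, pid):
        """Hook a live process; needs the frida package, so it is imported lazily."""
        import frida
        script = frida.attach(pid).create_script(build_agent(self.profile))
        script.on("message", self.handle)
        script.load()
        return script
```

Profiles for other malware classes are just another dictionary in the same shape, so the agent generator and indicator logic stay untouched when a new profile is added.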