Learning to Look Benign: Targeted Evasion of Malware Detectors via API Import Injection

ArXi:2605.18624v1 Announce Type: cross Machine learning-based malware detectors are widely deployed in antivirus and endpoint detection systems, yet their reliance on static features makes them vulnerable to adversarial manipulation. This paper investigates whether a malware sample can be intentionally misclassified as a specific benign software category, not merely as "not malware", by adding a small number of Win32 API imports characteristic of that selected category, without removing any existing imports or re.