Signature-based detection of malware features based on Windows API call sequences. It's like YARA for sandbox API traces! - View it on GitHub