Suspicious file analyzing method and suspicious file analyzing system

Abstract

The embodiment of the invention provides a suspicious file analyzing method which comprises the following steps: obtaining one or more suspicious files according to a prestored configuration file, wherein the configuration file is information relevant to the suspicious file; selecting one of the suspicious files, transmitting the selected suspicious file to a virtual machine and running the selected suspicious file; recoding the behavior characteristics of the suspicious file in the virtual machine during running and storing the behavior characteristics into a log; and analyzing the suspicious file according to the recorded log and outputting an analyzing result. The embodiment of the invention also provides a suspicious file analyzing system. The embodiment of the invention automatically transmits one or more suspicious files to the virtual machine, automatically outputs the analyzing result by monitoring and analyzing the behavior characteristics of the suspicious file in the virtual machine during running and can automatically analyze the suspicious file and output the analyzing result, improve the analyzing efficiency and save the time and the manpower cost.

Description

technical field [0001] The invention relates to the technical field of computer security, in particular to a suspicious file analysis method and system. Background technique [0002] A virtual machine (Virtual Machine) is a fictitious computer that is realized by simulating various computer functions on a real computer. One or more virtual computers (virtual machines) can be simulated on a computer (host) through virtual machine software, and each virtual computer can run a separate operating system without interfering with each other, that is, a virtual computer A computer is an independent computer with its own operating system. The virtual machine uses the CPU, part of the disk space, and memory of the real system. The virtual machine works exactly like a real computer, such as installing an operating system, installing applications, and accessing network resources. [0003] Because the biggest advantage of virtual machines is convenience, speed, and resource saving, it...

AI Technical Summary

Problems solved by technology

[0004] In the process of implementing the present invention, the inventor found that there are at least the following problems in the prior art: manual operations are required when using a virtual machine, such as creating, restoring, and deleting operations on a single object storage (Single Instance Storage, SIS) and The startup, suspension, restart, shutdown and other operations of the VirtualMachine system require manual participation. The analysis engineers and test engineers of the software information security company must manually operate the virtual machine to achieve the work purpose when analyzing and testing the malware. Therefore, the software Information security companies spend a lot of manpower and material resources in this link

Images