PE (portable executable) file pack detection method based on static characteristics
A detection method based on static features, applied in fields such as instruments, electrical digital data processing and platform integrity maintenance. It addresses the problems of relying on a single judgment index and the low accuracy of detection rules, and achieves high accuracy, good packing detection ability and enriched file characteristics.
Example Embodiment
[0034] When a universal unpacking tool is used in malware detection, it is not known in advance whether the PE file to be detected is packed, so every PE file has to be actually executed in an attempt to unpack it before it is scanned by the anti-virus software. This introduces a large amount of computation and is time-consuming. To solve this problem, the present invention proposes to detect whether the target PE file is packed before it is actually executed for unpacking. Only PE files detected as packed are handed over to the general unpacking tool for unpacking; PE files detected as not packed are handed directly to the anti-virus software for detection, without being processed by the general unpacking tool.
[0035] Virus authors often rewrite an existing packer tool to produce new packer tools, so traditional signature-based packer detection tools suffer from a high false negative rate. Aiming at this problem, th...
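An added sketch of the pre-filter described in [0034] (not code from the patent): it parses the PE section table, collects several static packing indicators rather than a packer signature, and routes only files judged packed to the unpacker. The three indicators, the 7.0 entropy cutoff, the two-indicator threshold, all function names and both sample files are assumptions constructed for illustration, since this page does not show the patent's own feature set.

```python
import math
import struct

EXEC, WRITE = 0x20000000, 0x80000000  # IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_WRITE

def entropy(data):
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in map(data.count, set(data))) if n else 0.0

def sections(pe):
    """Yield (name, raw_bytes, virtual_size, characteristics) per section header."""
    nt = struct.unpack_from("<I", pe, 0x3C)[0]  # e_lfanew: offset of the PE signature
    if pe[:2] != b"MZ" or pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    # NumberOfSections at nt+6, SizeOfOptionalHeader at nt+20
    count, opt_size = struct.unpack_from("<H12xH", pe, nt + 6)
    first = nt + 24 + opt_size                  # section table follows the optional header
    for off in range(first, first + 40 * count, 40):
        name, vsize, _, rsize, rptr, chars = struct.unpack_from("<8sIIII12xI", pe, off)
        yield name.rstrip(b"\0").decode("latin-1"), pe[rptr:rptr + rsize], vsize, chars

def packing_indicators(pe):
    """Assumed static indicators, evaluated on executable sections only."""
    hits = set()
    for _, raw, vsize, chars in sections(pe):
        checks = {"high_entropy_code": entropy(raw) > 7.0,         # compressed/encrypted
                  "writable_executable": bool(chars & WRITE),      # code rewritten at run time
                  "empty_raw_executable": bool(vsize) and not raw}  # filled in only in memory
        if chars & EXEC:
            hits.update(k for k, v in checks.items() if v)
    return hits

def route(pe, threshold=2):
    """Pre-filter from [0034]: only files judged packed go to the unpacker."""
    return "unpacker" if len(packing_indicators(pe)) >= threshold else "antivirus"

def build_pe(secs):  # constructed sample: only the headers that sections() reads
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(secs), 0, 0, 0, 0, 0x102)
    table, body, ptr = b"", b"", 0x40 + len(coff) + 40 * len(secs)
    for name, data, vsize, chars in secs:
        table += struct.pack("<8sIIIIIIHHI", name, vsize, 0x1000, len(data), ptr, 0, 0, 0, 0, chars)
        body, ptr = body + data, ptr + len(data)
    return dos + coff + table + body

PACKED = build_pe([(b".pk0", b"", 0x4000, 0xE0000080),
                   (b".pk1", bytes(range(256)) * 16, 0x1000, 0xE0000040)])
PLAIN = build_pe([(b".text", b"\x55\x8b\xec\x90" * 1024, 0x1000, 0x60000020),
                  (b".data", bytes(512), 0x200, 0xC0000040)])
```

Calling `route(PACKED)` sends the constructed packed sample to the unpacker, while `route(PLAIN)` skips unpacking and goes straight to the anti-virus scan.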