Malicious code sample extraction method and system based on document type bug

A malicious code sample extraction method and system, applied in the field of malicious code analysis, that addresses three problems of running captured documents in a virtual machine (slow execution, documents that cannot be run because their runtime environment is missing, and samples whose conditional execution makes them hard to characterise) and improves extraction speed.

Active Publication Date: 2013-09-11
BEIJING ANTIY NETWORK SAFETY TECH CO LTD
Cites 4, cited by 13

AI Technical Summary

Problems solved by technology

[0004] First, when a large number of documents are run in a virtual machine, each must be opened and then waited on, so throughput is very low;
[0005] Second, each document type depends on a particular runtime environment (the application that opens it), so building those environments in the virtual machine is time-consuming, the virtual machine may not cover every environment that is needed, and documents whose environment is missing cannot be run at all;
[0006] Third, captured samples have been protected by the intruder and execute only under specific conditions, so they show essentially no behaviour under automated virtual-machine analysis and it is difficult to determine whether they are malicious.


Embodiment Construction

[0041] The present invention provides a method and system for extracting malicious code samples based on document-type vulnerabilities. So that those skilled in the art can better understand the technical solution in the embodiments of the present invention, and so that the purposes, features and advantages stated above become clearer and easier to understand, the technical solution of the present invention is further described in detail below in conjunction with the accompanying drawings:

[0042] The present invention first provides a method for extracting malicious code samples based on document-type vulnerabilities. An e-mail server document detection system is used here as the example: the system extracts document files and then extracts malicious code samples from each extracted document file, as shown in figure 1, including:

[0043] S101 locate the shellcode in the document;

[0044] S102 extracts the located shellcode; but the shellcode at thi...
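Step S101 says the shellcode is located but the page does not say how. The following is an added example written for this page, not the patent's or Antiy's own code: a heuristic locator that scans a document buffer for the GetPC idioms and NOP sleds that position-independent x86 shellcode relies on, and additionally decodes runs of hex text (as in RTF `\objdata` streams) before scanning, since exploit documents often carry the payload as ASCII hex rather than raw bytes. The signature list, the `locate_shellcode`/`carve` names and the sample document are all assumptions of this example.

```python
"""Heuristic locator for x86 shellcode in a document buffer (the work of step S101).

Added example for this page; not Antiy's code.  The patent does not say how it
locates shellcode, so the signatures below are the conventional GetPC idioms and
NOP sleds, plus a pass over decoded hex-text runs (RTF \\objdata and similar).
"""
import re

# Byte-level signatures.  Each is an instruction idiom rather than a payload hash,
# so it survives trivial re-encoding of the rest of the shellcode.
SIGNATURES = [
    ("call $+5 ; pop reg",    re.compile(rb"\xe8\x00\x00\x00\x00[\x58-\x5f]")),
    ("fnstenv [esp-0xc]",     re.compile(rb"\xd9\x74\x24\xf4")),
    ("jmp ; pop ; call back", re.compile(
        rb"\xeb[\x02-\x7f][\x58-\x5f][\x00-\xff]{0,125}?\xe8[\x80-\xff]\xff\xff\xff")),
    ("NOP sled (>=16 bytes)", re.compile(rb"\x90{16,}")),
]
# A run of at least 32 hex byte pairs, optionally whitespace separated.
HEX_RUN = re.compile(rb"(?:[0-9A-Fa-f]{2}\s*){32,}")


def _decode_hex_run(match):
    return bytes.fromhex(re.sub(rb"\s+", b"", match.group(0)).decode("ascii"))


def scan_bytes(buf):
    """Return every signature hit in buf as {kind, offset, length}, ordered by offset."""
    hits = []
    for kind, pattern in SIGNATURES:
        for m in pattern.finditer(buf):
            hits.append({"kind": kind, "offset": m.start(), "length": m.end() - m.start()})
    return sorted(hits, key=lambda h: h["offset"])


def locate_shellcode(doc):
    """Scan the raw document, then every decoded hex-text run inside it."""
    hits = [dict(h, encoding="raw") for h in scan_bytes(doc)]
    for run in HEX_RUN.finditer(doc):
        for h in scan_bytes(_decode_hex_run(run)):
            # offset is relative to the decoded run; text_offset is where the run starts in doc
            hits.append(dict(h, encoding="hex-text", text_offset=run.start()))
    return hits


def carve(doc, hit, max_len=4096):
    """Return the candidate shellcode bytes starting at a hit (the input to step S102)."""
    if hit["encoding"] == "raw":
        src = doc
    else:
        src = _decode_hex_run(HEX_RUN.match(doc, hit["text_offset"]))
    return src[hit["offset"]:hit["offset"] + max_len]


# Constructed, harmless stand-in for real shellcode: call $+5 / pop ebx / xor eax,eax / ret.
SAMPLE_STUB = b"\xe8\x00\x00\x00\x00\x5b\x31\xc0\xc3"


def build_sample_document():
    """Constructed test document: binary filler, the sled+stub as raw bytes, more filler,
    then an RTF fragment carrying the same sled+stub as hex text."""
    filler = bytes(range(256)) * 4                      # 1024 bytes with no signature hits
    payload = b"\x90" * 32 + SAMPLE_STUB
    rtf = b"{\\rtf1{\\object\\objemb{\\*\\objdata " + payload.hex().encode() + b"}}}"
    return filler + payload + filler + rtf


if __name__ == "__main__":
    document = build_sample_document()
    for hit in locate_shellcode(document):
        print(hit, carve(document, hit)[:16].hex())
```

Each hit records which idiom matched and where, so an analyst can carve from the hit offset and hand the bytes to the next step; on the constructed document the same payload is found once as raw bytes and once inside the decoded RTF hex run. Real documents produce false positives (compressed streams occasionally contain these byte sequences), so hits are candidates to be confirmed by running them, not verdicts.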


Abstract

The invention discloses a malicious code sample extraction method and system based on document-type vulnerabilities. The method comprises: locating the shellcode in a document; extracting the located shellcode and converting it into a PE (Portable Executable) file; running the PE file; judging whether the PE file drops a file and, if so, extracting the dropped file as the malicious code sample; if not, judging whether the PE file downloads a file and, if so, extracting the downloaded file as the malicious code sample; and if not, abandoning malicious code sample extraction for the document. Compared with the traditional method of cultivating the sample in a virtual machine, the method extracts samples more accurately, quickly and conveniently.
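The abstract's pipeline (extract the shellcode, convert it into a PE file, run it, then check for a dropped file before a downloaded file) can be made concrete. The following is an added example for this page, not the patent's or Antiy's implementation: it wraps a carved shellcode blob in a minimal PE32 executable using the standard header layout (DOS header, PE signature, COFF header, PE32 optional header, one RWX `.text` section whose start is the entry point), reads the result back as a sanity check, and encodes the abstract's decision sequence over a sandbox run summary. The run-report format taken by `triage_run`, the function names and the sample shellcode are assumptions of this example.

```python
"""Wrap extracted shellcode in a minimal PE32 and triage the run (steps after S101).

Added example for this page; not Antiy's code.  The PE layout is the standard one;
the run report consumed by triage_run() is an assumed sandbox summary.
"""
import struct

IMAGE_FILE_MACHINE_I386 = 0x014C
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_32BIT_MACHINE = 0x0100
IMAGE_SUBSYSTEM_WINDOWS_CUI = 3
SECTION_CODE_RWX = 0xE0000020   # CODE | EXECUTE | READ | WRITE: shellcode usually self-decodes in place
SECTION_ALIGN, FILE_ALIGN = 0x1000, 0x200


def _align(n, a):
    return (n + a - 1) // a * a


def shellcode_to_pe(shellcode, image_base=0x00400000):
    """Return a PE32 image whose entry point is the first byte of `shellcode`."""
    code_rva = SECTION_ALIGN                                   # first page after the headers
    raw_size = _align(len(shellcode), FILE_ALIGN)
    headers_size = _align(64 + 4 + 20 + 224 + 40, FILE_ALIGN)  # 352 bytes of headers -> 512
    image_size = code_rva + _align(len(shellcode), SECTION_ALIGN)

    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)          # e_lfanew at 0x3C -> PE signature at 0x40
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_I386, 1, 0, 0, 0, 224,
                       IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_32BIT_MACHINE)
    opt = struct.pack(
        "<HBB9I6H4I2H6I",
        0x10B, 0, 0,                        # PE32 magic, linker version
        raw_size, 0, 0,                     # SizeOfCode, SizeOfInitializedData, SizeOfUninitializedData
        code_rva, code_rva, 0,              # AddressOfEntryPoint, BaseOfCode, BaseOfData
        image_base, SECTION_ALIGN, FILE_ALIGN,
        4, 0, 0, 0, 4, 0,                   # OS, image and subsystem versions
        0, image_size, headers_size, 0,     # Win32VersionValue, SizeOfImage, SizeOfHeaders, CheckSum
        IMAGE_SUBSYSTEM_WINDOWS_CUI, 0,     # Subsystem, DllCharacteristics (no ASLR/NX opt-in)
        0x100000, 0x1000, 0x100000, 0x1000, # stack/heap reserve and commit
        0, 16)                              # LoaderFlags, NumberOfRvaAndSizes
    data_dirs = b"\0" * 128                 # no imports: shellcode resolves APIs itself via the PEB
    section = struct.pack("<8sIIIIIIHHI", b".text", len(shellcode), code_rva,
                          raw_size, headers_size, 0, 0, 0, 0, SECTION_CODE_RWX)
    headers = (dos + b"PE\0\0" + coff + opt + data_dirs + section).ljust(headers_size, b"\0")
    return headers + shellcode.ljust(raw_size, b"\0")


def parse_pe(pe):
    """Read back the fields that decide whether the wrapper will load (check before running it)."""
    e_lfanew, = struct.unpack_from("<I", pe, 0x3C)
    if pe[:2] != b"MZ" or pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    machine, nsections = struct.unpack_from("<HH", pe, e_lfanew + 4)
    opt_off = e_lfanew + 24
    magic, = struct.unpack_from("<H", pe, opt_off)
    entry_rva, = struct.unpack_from("<I", pe, opt_off + 16)
    image_base, = struct.unpack_from("<I", pe, opt_off + 28)
    name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", pe, opt_off + 224)
    return {"machine": machine, "sections": nsections, "pe32": magic == 0x10B,
            "entry_rva": entry_rva, "image_base": image_base, "section": name.rstrip(b"\0").decode(),
            "virtual_size": vsize, "raw_offset": rawptr, "raw_size": rawsize}


def triage_run(report):
    """Decision sequence from the abstract: dropped file first, then downloaded file, else abandon.
    `report` is an assumed sandbox summary with optional 'dropped' and 'downloaded' lists."""
    if report.get("dropped"):
        return "dropped", list(report["dropped"])
    if report.get("downloaded"):
        return "downloaded", list(report["downloaded"])
    return "abandon", None


# Constructed stand-in for carved shellcode: call $+5 / pop eax / ret (exits the process at once).
SAMPLE_SHELLCODE = b"\xe8\x00\x00\x00\x00\x58\xc3"

if __name__ == "__main__":
    image = shellcode_to_pe(SAMPLE_SHELLCODE)
    print(parse_pe(image))
    with open("wrapped.exe", "wb") as f:
        f.write(image)
```

The wrapper deliberately has no import table and no relocations, so the loader maps it at 0x400000 and jumps straight to the shellcode, which must find kernel32 through the PEB as it would inside the exploited application. One caveat a practitioner should expect: shellcode from exploit documents often locates its encrypted payload by enumerating the process's open file handles for the original document, and such a sample shows no dropped or downloaded file when run standalone; the triage then correctly ends in "abandon" and the document has to be analysed another way.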

Description

Technical field
[0001] The invention relates to the technical field of network security, in particular to a method and system for extracting malicious code samples based on document-type vulnerabilities.
Background technique
[0002] Malicious code based on a document-type vulnerability is not initially present on the user's computer: the intruder first plants the vulnerability-bearing document on the user's computer by various means and then induces the user to open it, so that the embedded shellcode releases or downloads the malicious code. This malicious code has usually been passed by the intruder through layers of protection against information security products: packing, anti-virtual-machine, anti-antivirus, driver protection, conditional execution and others. The most important problem is that intruders often know the users or networks to be attacked very well, and their purpose is to steal only specific user information and to remain latent for a long time, so intrud...


Application Information

Patent Type & Authority: Application (China)
IPC(8): G06F21/56
Inventors: 李伟, 布宁, 宋兵, 刘佳男, 李柏松
Owner BEIJING ANTIY NETWORK SAFETY TECH CO LTD