Systems and methods for detecting malicious executable files

A technique for detecting malicious intent in executable files, applied in the fields of instruments, program/content distribution protection, electronic digital data processing, etc.

Active Publication Date: 2016-12-14
AO KASPERSKY LAB

Problems solved by technology

As a result, malware authors can easily evade detection by making the interpreter perform a large number of useless actions, so that the emulator's time budget runs out before any malicious behavior is reached.


Embodiment Construction

[0020] According to an embodiment, systems and methods are configured to analyze executable files compiled from scripts written, for example, in the AutoIt language. Such an executable necessarily contains an interpreter; hereinafter, "executable file" therefore refers to an executable file that includes an interpreter. To detect malicious executables of this kind, the script contained in the executable can be emulated directly. Emulating the script saves time, which is frequently insufficient for emulating the executable itself in full. However, when the script is emulated directly, fewer variables of the execution environment are monitored than in classic emulation of machine code. Thus, if only script emulation is performed, an executable may be misclassified as trustworthy (or "clean", non-malicious) because the script's behavior cannot be checked thoroughly. For this reason, embodiments of the present invention are configured to check...


Abstract

Systems and methods to detect malicious executable files having a script language interpreter by combining a script emulator and a machine code emulator. A system includes an analyzer configured to convert a script into pseudocode and monitor an emulation process of the pseudocode, a script emulator configured to sequentially emulate the pseudocode and write emulation results to an emulator operation log, and a machine code emulator configured to emulate the pseudocode if a transition from pseudocode to machine code is detected by the analyzer, such that the analyzer can analyze the emulator operation log to determine if the executable file is malicious.
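The following is an added, self-contained toy model of the scheme the abstract and paragraph [0020] describe: an analyzer converts a script into pseudocode, a script emulator runs the pseudocode and writes to a shared operation log, and when the analyzer detects a transition from pseudocode to machine code it hands the buffer to a second emulator, after which the log is checked for a verdict. It is not Kaspersky's code; the AutoIt-like script subset, the pseudocode operations, the byte format of the "machine code", the use of `DllCallAddress` as the transition marker, the instruction budget and the single detection rule (a write to an autorun key) are all assumptions chosen for illustration, and the sample script is constructed for the example.

```python
"""Toy model of the combined script/machine-code emulation scheme described on this
page (added example, not Kaspersky's code). The script syntax, pseudocode ops,
'machine code' format, transition marker and detection rule are all assumptions."""
import re

# --- toy "machine code": opcode byte, length byte, ASCII argument (assumed) ---
MC_OPS = {0x10: "CreateFile", 0x11: "RegSetValue", 0x12: "WinExec"}
MC_RET = 0xFF

def mc_assemble(instrs):
    """Build a toy machine-code blob; only used to construct the sample below."""
    out = bytearray()
    for op, arg in instrs:
        a = arg.encode("ascii")
        out += bytes([op, len(a)]) + a
    return bytes(out + bytes([MC_RET]))

def machine_code_emulator(code, log):
    """Emulate the toy machine code, appending each API call to the shared log."""
    pc = 0
    while pc < len(code):
        op = code[pc]
        if op == MC_RET:                        # control returns to the script
            log.append(("mc", "ret", ""))
            return
        n = code[pc + 1]
        arg = code[pc + 2:pc + 2 + n].decode("ascii")
        log.append(("mc", MC_OPS.get(op, "op%#x" % op), arg))
        pc += 2 + n
    raise ValueError("machine code ran off the end of the buffer")

# --- analyzer, part 1: script -> pseudocode (set / for / next / call) ----------
def script_to_pseudocode(script):
    ops = []
    for raw in script.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if m := re.fullmatch(r"For\s+\$(\w+)\s*=\s*(\d+)\s+To\s+(\d+)", line):
            ops.append(("for", m[1], int(m[2]), int(m[3])))
        elif line == "Next":
            ops.append(("next",))
        elif m := re.fullmatch(r"(?:Local\s+)?\$(\w+)\s*=\s*(.+)", line):
            ops.append(("set", m[1], m[2]))
        elif m := re.fullmatch(r"(\w+)\((.*)\)", line):
            ops.append(("call", m[1], [a.strip() for a in m[2].split(",") if a.strip()]))
        else:
            raise SyntaxError("unsupported statement: " + line)
    return ops

def resolve(expr, env):
    """Evaluate a toy operand: $var, "string", 0xHEX binary literal, or integer."""
    if expr.startswith("$"):
        return env[expr[1:]]
    if expr.startswith('"'):
        return expr.strip('"')
    if expr.startswith("0x"):
        return bytes.fromhex(expr[2:])
    return int(expr)

# --- script emulator with hand-off to the machine-code emulator ---------------
def script_emulator(ops, log, budget=1_000_000, use_mc=True):
    """Sequentially emulate pseudocode; return the number of ops emulated."""
    env, loops, pc, steps = {}, [], 0, 0
    while pc < len(ops):
        steps += 1
        if steps > budget:                      # useless loops still cost time
            log.append(("script", "budget_exceeded", ""))
            return steps
        op = ops[pc]
        if op[0] == "set":
            env[op[1]] = resolve(op[2], env)
        elif op[0] == "for":
            env[op[1]] = op[2]
            loops.append((pc, op[1], op[3]))
        elif op[0] == "next":
            start, var, end = loops[-1]
            env[var] += 1
            if env[var] <= end:
                pc = start + 1
                continue
            loops.pop()
        else:                                   # ("call", name, args)
            args = [resolve(a, env) for a in op[2]]
            if op[1] == "DllCallAddress" and isinstance(args[-1], bytes):
                # Transition pseudocode -> machine code detected: the analyzer
                # passes the buffer to the second emulator, same log.
                log.append(("script", "transition_to_machine_code", ""))
                if use_mc:
                    machine_code_emulator(args[-1], log)
            else:
                log.append(("script", op[1], "|".join(map(str, args))))
        pc += 1
    return steps

# --- analyzer, part 2: verdict from the combined operation log ----------------
AUTORUN_KEY = r"CurrentVersion\Run"             # assumed single detection rule

def verdict(log):
    if any(e[1] == "budget_exceeded" for e in log):
        return "budget_exceeded"
    persists = any(e[1] in ("RegWrite", "RegSetValue") and AUTORUN_KEY in e[2] for e in log)
    return "malicious" if persists else "clean"

def analyze(script, use_mc=True, budget=1_000_000):
    log = []
    steps = script_emulator(script_to_pseudocode(script), log, budget, use_mc)
    return verdict(log), log, steps

# Constructed sample: a long useless loop, a dropped file, then a jump into an
# embedded blob that performs the actual persistence (autorun key + launch).
PAYLOAD = mc_assemble([(0x11, r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"),
                       (0x12, r"C:\Users\Public\upd.exe")])
SAMPLE_SCRIPT = r'''
; constructed sample, not real malware
Local $payload = 0xHEX
For $i = 1 To 20000
    Sleep(1)
Next
FileWrite("C:\Users\Public\upd.exe", "MZ")
DllCallAddress("none", $payload)
'''.replace("0xHEX", "0x" + PAYLOAD.hex())

if __name__ == "__main__":
    for mc in (True, False):
        v, log, steps = analyze(SAMPLE_SCRIPT, use_mc=mc)
        print("machine-code emulator %s: %s after %d ops, %d log entries"
              % ("on" if mc else "off", v, steps, len(log)))
```

Running it shows the two points the page makes: with the machine-code emulator switched off, the 20000-iteration loop is emulated cheaply but the persistence inside the blob is never seen and the sample comes back "clean"; with the hand-off enabled, the same log also contains the `RegSetValue` and `WinExec` entries and the verdict becomes "malicious". Shrinking `budget` below the loop's cost reproduces the evasion-by-useless-actions problem from the summary.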

Description

[0001] Related Application

[0002] This application claims the benefit of Russian Federation Patent Application No. 2015141543, filed September 15, 2015, which is hereby incorporated by reference in its entirety.

Technical Field

[0003] The present invention relates generally to antivirus solutions and, in particular, to detecting malicious objects using emulation.

Background

[0004] The code of today's programs, including malicious code, may include complex sequences of instructions: jumps, calls, loops, and so on. Moreover, with the growing popularity of high-level programming languages and the increasing sophistication of computing devices and operating systems, the complexity of executable files keeps increasing. This complexity applies equally to trusted and to malicious applications. Malicious applications can perform a number of negative and undesirable (from the user's point of view) actions. Examples of such actions are: stealing...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/56
CPC: G06F21/566, G06F21/125, G06F21/14, G06F21/563, G06F2221/033
Inventors: Vyacheslav V. Zakorzhevsky, Dmitry V. Vinogradov, Vladislav V. Pintiysky, Dmitry A. Kirsanov
Owner AO KASPERSKY LAB