RTF file analysis method and device

A file analysis method, applied in the field of data processing, addresses problems such as the inability to further detect sub-files, disruption of normal device operation, and threats to the security of normal devices, thereby improving defense capability, improving detection accuracy, and reducing detection difficulty.

Pending Publication Date: 2019-06-11
TENCENT TECH (SHENZHEN) CO LTD
AI Technical Summary

Problems solved by technology

[0003] In a highly obfuscated RTF file, it is often difficult for the anti-virus engine to correctly detect the subfile embedded in the RTF file, so it is also impossible to further detect whether the embedded subfile is malicious. A malicious subfile can then disrupt the operation of normal devices and threaten their security. To address this, the embodiment of the present invention provides a method and device for parsing RTF files.

Embodiment Construction

[0026] In order to make the object, technical solution and beneficial effects of the present invention more clear, the present invention will be further described in detail below in conjunction with the accompanying drawings and embodiments. It should be understood that the specific embodiments described here are only used to explain the present invention, not to limit the present invention.

[0027] For the convenience of understanding, the terms involved in the embodiments of the present invention are explained below.

[0028] Obfuscated files: Many virus files heavily obfuscate their code in order to evade anti-virus detection. In an obfuscated file, the code content is messy and irregular. In addition, some companies obfuscate their code to protect the logic of their front-end code and to prevent competitors from copying or reusing it.

[0029] RTF file: Rich Text Format (RTF for short) file, a file similar to DOC format (Word document), has good compa...

Abstract

The embodiment of the invention provides an RTF file analysis method and device, relating to the technical field of data processing. The method comprises the following steps: obtaining an RTF file to be scanned for viruses; performing dimension reduction processing on the RTF file to generate a target file; matching a preset header identifier against the characters in the target file; when it is determined that the target file contains characters matching the preset header identifier, determining from the target file the domain operator corresponding to the preset header identifier; and finally, determining the characters in the domain operator corresponding to the preset header identifier as a target sub-file. Because dimension reduction processing is first carried out on the RTF file, the content of the RTF file is simplified and interference from invalid characters is avoided when the target sub-file in the RTF file is detected, which reduces the detection difficulty and improves the detection accuracy. By performing logic detection on the target sub-file, it is determined whether the target sub-file is a malicious file, which improves the capability to defend against viruses and attacks.
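The steps in the abstract can be sketched as follows. This is an added example, not code from the patent: it assumes that "dimension reduction" means stripping control words and all non-hex characters, that a "domain operator" is a brace-delimited RTF group, and that the preset header identifiers are the well-known OLE2 and ZIP magic bytes; all function names are hypothetical.

```python
import re

# Assumed header identifiers: hex of the well-known OLE2 and ZIP magic bytes.
# The page does not list its own presets.
HEADER_IDS = {"ole": "d0cf11e0a1b11ae1", "zip": "504b0304"}
# RTF control word, \'hh escape, or control symbol.
CONTROL = re.compile(rb"\\(?:[a-zA-Z]+-?\d* ?|'[0-9a-fA-F]{2}|.)", re.S)

def groups(data: bytes):
    """Yield each {...} group's direct content; nested groups are yielded separately."""
    stack, i = [], 0
    while i < len(data):
        c = data[i:i + 1]
        if c == b"\\":                      # keep escapes whole so \{ and \} are not braces
            if stack:
                stack[-1] += data[i:i + 2]
            i += 2
            continue
        if c == b"{":
            stack.append(bytearray())
        elif c == b"}":
            if stack:
                yield bytes(stack.pop())
        elif stack:
            stack[-1] += c
        i += 1
    while stack:                            # truncated file: unclosed groups still count
        yield bytes(stack.pop())

def reduce_group(raw: bytes) -> str:
    """Assumed 'dimension reduction': strip control words and every non-hex character."""
    return re.sub(rb"[^0-9a-fA-F]", b"", CONTROL.sub(b"", raw)).decode("ascii").lower()

def find_subfiles(data: bytes):
    """Return (kind, payload) for each group whose reduced text holds a header identifier."""
    found = []
    for raw in groups(data):
        text = reduce_group(raw)
        for kind, magic in HEADER_IDS.items():
            pos = text.find(magic)
            if pos != -1:
                body = text[pos:]
                found.append((kind, bytes.fromhex(body[:len(body) // 2 * 2])))
    return found

# Constructed sample: OLE header split by whitespace, case changes, \par and a junk group.
SAMPLE = (b"{\\rtf1{\\fonttbl{\\f0 Arial;}}"
          b"{\\object\\objemb{\\*\\objdata 0105\r\n d0 CF{\\*\\junk 11}11e0\\par a1b1\n1ae1 0001}}"
          b"\\pard text}")

if __name__ == "__main__":
    for kind, payload in find_subfiles(SAMPLE):
        print(kind, payload.hex())
```

The extracted payload would then go to the logic detection step the abstract mentions; matching on the raw file without the reduction step misses the header because it never appears contiguously.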

Description

Technical field

[0001] The embodiments of the present invention relate to the technical field of data processing, and in particular to a method and device for parsing an RTF file.

Background

[0002] Currently popular attack techniques usually include a highly obfuscated Rich Text Format (RTF) file, and the content of this type of highly obfuscated RTF file is disorganized and irregular. When malicious object linking and embedding (OLE) files, compressed (zip) files, or vbe files are embedded in these RTF files, it is often difficult for anti-virus engines to detect them correctly because the files are highly obfuscated. Therefore, it is impossible to further detect whether the embedded subfile is a malicious subfile. When the malicious subfile runs on a normal device, it will disrupt the operation of the normal device and pose a threat to the security of the normal device.

Contents of the invention

[0003] In a highly obfuscated RTF file, it is often difficult for ...

Application Information

IPC(8): G06F21/56, G06F16/903
Inventor 姜澎, 于涛, 郭晓龙, 屈亚鑫, 张友旭, 任光辉, 毕磊, 申金娟, 吴彬, 苏蒙, 崔精兵, 郭长宇, 赵子云, 王玥
Owner TENCENT TECH (SHENZHEN) CO LTD