Automatic analysis system and method for malicious code

An automatic analysis technology for malicious code, applied in the field of automatic malicious code analysis systems, to achieve the effect of improving work efficiency.

Inactive Publication Date: 2006-10-11
BEIJING VENUS INFORMATION TECH +1

AI Technical Summary

Problems solved by technology

Even when analysts have time to analyze a sample, new deformed code, unknown shells (packers) and deformed shells force manual analysis to spend a great deal of effort on analyzing and removing the deformed code and unknown shells.


Embodiment Construction

[0028] As shown in Figure 1, before the malicious code runs, the user first defines a batch of functions: functions that normal applications rarely use or have no need to use, but that malicious code is quite likely to use.

[0029] Before the system starts analysis, it loads the full list of API (application programming interface) functions from the database. When the malicious code calls one of the user-defined sensitive functions described above, the system records the function call.

[0030] Once the API functions are loaded, the system loads the driver that records the malicious code's access to and operations on files, the registry and the network.

[0031] When the malicious code finishes running, the system automatically analyzes its mechanism based on the behaviors recorded during the run.
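The recording and post-run analysis steps in [0028]-[0031], sketched as an added example that is not code from the patent. The function names, the `sensitive_api` table, the event tuples and all sample values are constructed assumptions, and an in-memory SQLite database stands in for the system's database.

```python
import sqlite3

# Constructed sensitive-function list (name, reason); the patent names no functions.
SENSITIVE = [
    ("CreateRemoteThread", "runs code in another process"),
    ("WriteProcessMemory", "writes into another process"),
    ("RegSetValueExA", "modifies the registry"),
    ("URLDownloadToFileA", "downloads a file"),
]

# Constructed run-time records: (sequence, channel, operation, target).
# "api" rows stand for the function-call hook, the rest for the driver.
EVENTS = [
    (1, "api", "CreateFileW", r"C:\Temp\a.tmp"),
    (2, "file", "write", r"C:\Temp\a.tmp"),
    (3, "api", "RegSetValueExA", r"HKCU\Software\Example\Run"),
    (4, "registry", "set_value", r"HKCU\Software\Example\Run"),
    (5, "api", "URLDownloadToFileA", "http://example.invalid/a.bin"),
    (6, "network", "connect", "192.0.2.10:80"),
    (7, "api", "GetTickCount", ""),
]

def load_sensitive(db):
    """Step [0029]: load the user-defined function list from the database."""
    return dict(db.execute("SELECT name, reason FROM sensitive_api"))

def record(events, sensitive):
    """Steps [0029]-[0030]: log sensitive API calls and every driver event."""
    return [e for e in events if e[1] != "api" or e[2] in sensitive]

def analyze(log, sensitive):
    """Step [0031]: after the run, group the recorded behaviour into a report."""
    report = {"sensitive_calls": [], "file": [], "registry": [], "network": []}
    for seq, channel, op, target in sorted(log):
        if channel == "api":
            report["sensitive_calls"].append((seq, op, sensitive[op], target))
        else:
            report[channel].append((seq, op, target))
    return report

def run_analysis(events=EVENTS):
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE sensitive_api (name TEXT PRIMARY KEY, reason TEXT)")
    db.executemany("INSERT INTO sensitive_api VALUES (?, ?)", SENSITIVE)
    sensitive = load_sensitive(db)
    return analyze(record(events, sensitive), sensitive)

if __name__ == "__main__":
    for section, rows in run_analysis().items():
        print(section, rows)
```

Calls to functions outside the sensitive list (`CreateFileW`, `GetTickCount` here) are not logged as API calls, but the file write behind them still appears through the driver channel.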

[0032] figure 2 It is a relationship diagr...


Abstract

The invention discloses an automatic malicious code analysis system composed of several independent modules: a malicious code running module, a file detection module, a registry detection module, a function call detection module, a network data detection module, a program internal operation detection module, and a module that automatically analyzes the malicious code's behavior. The method comprises: loading the file detection and registry detection drivers; loading the predefined list of sensitive functions to be recorded; while the malicious code runs, synchronously recording its application programming interface calls, its file and registry accesses, and its network operations; and, when the malicious code finishes running and exits on its own, automatically analyzing the recorded operations and outputting the result. The invention can record the behavior of malicious code completely, without being affected by the malicious code's unknown shells or deformed shells. The invention improves the working efficiency of malicious code analysis.

Description

Technical field

[0001] The invention relates to an automatic analysis system and method for malicious code. It is used to analyze malicious code (application programs) in the WINDOWS (the name of an operating system) environment.

Background technique

[0002] Traditional malicious code analysis is performed through manual debugging and tracing, which depends on the experience and ability of the analyst, and in many cases some malicious code behaviors are missed. With dozens to hundreds of malicious codes appearing every day, analyzing them manually one by one through dynamic tracing and reverse analysis no longer meets today's needs in terms of work efficiency and cost. Even when analysts have time to analyze a sample, new deformed code, unknown shells (packers) and deformed shells force manual analysis to spend a great deal of effort on analyzing and removing the deformed code and unknown shells.

Contents of the invention

[0...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/00, G06F21/12
Inventor: 俞科技, 蔡晶晶
Owner: BEIJING VENUS INFORMATION TECH