Patent · US Active

Anti-malware system with evasion code detection and rectification

US10162966B1 · kind B1 · utility

Cited by: 8
References: 7
Claims: 10
Family size: 0

Assignee

Inventors

Key dates

Filing date: Oct 19, 2016
Grant date: Dec 25, 2018
Priority date
Expiry date: Apr 8, 2037

Classification

  • Technology area (CPC G): Physics
  • CPC primary: G06F2221/033
  • WIPO field: Computer technology
  • WIPO sector: Electrical engineering

Abstract

A malware detection system for evaluating sample programs for malware incorporates an evasion code detector. The evasion code detector includes semantic patterns for identifying conditional statements and other features employed by evasion code. The system inserts breakpoints at conditional statements, compares expected and actual evaluated values of conditional variables of the conditional statements, and changes the execution path of the sample program based on the comparison. Changing the execution path of the sample program to an expected execution path counteracts the evasion code, allowing for the true nature of the sample program to be revealed during runtime.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.