Patent · US Active

System and method of detecting malicious code in files

US10460099B2 · kind B2 · utility

6Cited by

7References

20Claims

0Family size

Assignee

AO Kaspersky Lab · RU

Inventors

Maxim Y. Golovkin · Moscow, RU
Alexey V. Monastyrsky · Moscow, RU
Vladislav V. Pintiysky · Moscow, RU
Mikhail A. Pavlyushchik · Moscow, RU
Vitaly V. Butuzov · Moscow, RU
Dmitry V. Karasovsky · Moscow, RU

Key dates

Filing date	Feb 13, 2017
Grant date	Oct 29, 2019
Priority date	—
Expiry date	Jul 21, 2037

Classification

Technology area (CPC G)Physics
CPC primaryG06F2221/034
WIPO fieldComputer technology
WIPO sectorElectrical engineering

Abstract

Disclosed are system and method for detecting malicious code in files. One exemplary method comprises: intercepting, by a processor, one or more application program interface (API) calls during an execution of a process launched from a file of a computing device; determining and detecting, by the processor, a presence of an exit condition of the process; in response to detecting the exit condition, identifying one or more signatures of a first type and transferring one or more saved memory dumps of the computing device to an emulator for execution; and determining and identifying a malicious code in the file in response to detecting one or more signatures of a second type based at least upon execution results of the transferred memory dumps of the computing device.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.