Patent · US Active

Deactivating evasive malware

US10546128B2 · kind B2 · utility

0Cited by

1References

18Claims

0Family size

Assignee

International Business Machines Corporation · US

Inventors

Zhongshu Gu · Ridgewood, US
Heqing Huang · Mahwah, US
Jiyong Jang · Ossining, US
Dhilung Hang Kirat · White Plains, US
Xiaokui Shu · Ossining, US
Marc Philippe Stoecklin · Bern, CH
Jialong Zhang · White Plains, US

Key dates

Filing date	Oct 6, 2017
Grant date	Jan 28, 2020
Priority date	—
Expiry date	Oct 12, 2037

Classification

Technology area (CPC G)Physics
CPC primaryG06F2221/034
WIPO fieldComputer technology
WIPO sectorElectrical engineering

Abstract

Approaches to deactivating evasive malware. In an approach, a computer system installs an imitating resource in the computer system and the imitating resource creates an imitating environment of malware analysis, wherein the imitating resource causes the evasive malware to respond to the imitating environment of the malware analysis as to a real environment of the malware analysis. In the imitating environment of malware analysis, the evasive malware determines not to perform malicious behavior. In another approach, a computer system intercepts a call from the evasive malware to a resource on the computer system and returns a virtual resource to the call, wherein in the virtual resource one or more values of the resource on the computer system are modified.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.