Patent · US Active

Systems and methods for identifying malicious file droppers

US10572663B1 · kind B1 · utility

Cited by: 0
References: 4
Claims: 20
Family size: 0

Assignee

Inventors

Key dates

Filing date: Mar 9, 2016
Grant date: Feb 25, 2020
Priority date
Expiry date: Oct 16, 2036

Classification

  • Technology area (CPC G): Physics
  • CPC primary: G06F21/568
  • WIPO field: Computer technology
  • WIPO sector: Electrical engineering

Abstract

The disclosed computer-implemented method for identifying malicious file droppers may include (1) detecting a malicious file on the computing device, (2) constructing an ordered list of files that resulted in the malicious file being on the computing device where the malicious file is the last file in the ordered list of files and each file in the ordered list of files placed the next file in the ordered list of files on the computing device, (3) determining that at least one file prior to the malicious file in the ordered list of files comprises a malicious file dropper, and (4) performing a security action in response to determining that the file prior to the malicious file in the ordered list of files comprises the malicious file dropper. Various other methods, systems, and computer-readable media are also disclosed.
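The ordered-list construction in step (2) of the abstract, sketched as an added example; it is not code from the patent or its assignee. The `CREATED_BY` provenance map, the file paths and the `trusted` allowlist are constructed assumptions, and the allowlist only stands in for the dropper determination in step (3), whose criteria the abstract does not state.

```python
from typing import Dict, List, Optional, Set

# Constructed sample data: each file mapped to the file that placed it on the
# device, as an endpoint agent might record from file-creation events.
# None marks a file whose origin was not observed.
CREATED_BY: Dict[str, Optional[str]] = {
    "C:/Users/a/AppData/payload.exe": "C:/Users/a/AppData/stage2.exe",
    "C:/Users/a/AppData/stage2.exe": "C:/Users/a/Downloads/invoice.exe",
    "C:/Users/a/Downloads/invoice.exe": "C:/Program Files/Browser/browser.exe",
    "C:/Program Files/Browser/browser.exe": None,
}


def build_drop_chain(created_by: Dict[str, Optional[str]], malicious: str) -> List[str]:
    """Walk creator links back from the detected file and return the ordered
    list: earliest known ancestor first, the malicious file last."""
    chain = [malicious]
    seen = {malicious}
    current = malicious
    while True:
        parent = created_by.get(current)
        # Stop at an unobserved origin, or when a file reappears (for example
        # two files that rewrote each other), so the walk always terminates.
        if parent is None or parent in seen:
            break
        chain.append(parent)
        seen.add(parent)
        current = parent
    chain.reverse()
    return chain


def find_droppers(chain: List[str], trusted: Set[str]) -> List[str]:
    """Return files prior to the malicious file that are not allowlisted.
    Assumption: the allowlist is a placeholder for the real determination."""
    return [path for path in chain[:-1] if path not in trusted]


if __name__ == "__main__":
    chain = build_drop_chain(CREATED_BY, "C:/Users/a/AppData/payload.exe")
    for path in find_droppers(chain, {"C:/Program Files/Browser/browser.exe"}):
        print("flag for security action:", path)
```
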

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.