Patent · US Active

System and method of analysis of files for maliciousness and determining an action

US10642973B2 · kind B2 · utility

0 Cited by
7 References
21 Claims
0 Family size

Assignee

Inventors

Key dates

Filing date: May 17, 2019
Grant date: May 5, 2020
Priority date
Expiry date: May 17, 2039

Classification

  • Technology area (CPC G): Physics
  • CPC primary: G06F2221/034
  • WIPO field: Computer technology
  • WIPO sector: Electrical engineering

Abstract

Disclosed are systems and methods for analysis of files for maliciousness and determining an action. An exemplary method comprises: opening a file, by a processor, in a virtual machine; intercepting an event arising in an execution of a thread of a process created upon opening of the file; determining a context of the processor on which the thread is being executed, the determination including reading register values of the processor and a stack; comparing the context with rules that check: a behavior of the thread of the process, a changing, by the thread, of attributes of the file, and an access of the thread to the Internet; and, based on a result of the comparison, performing at least one of: recognizing the file as being malicious, halting the execution of the thread, changing the context of the processor, and waiting for a next intercepted event.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.