Patent · US Active

Detecting delayed activation malware using a primary controller and plural time controllers

US10706149B1 · kind B1 · utility

Cited by: 21
References: 357
Claims: 62
Family size: 0

Assignee

Inventor

Key dates

Filing date: Jun 29, 2016
Grant date: Jul 7, 2020
Priority date
Expiry date: Oct 16, 2037

Classification

  • Technology area (CPC G): Physics
  • CPC primary: G06F2221/033
  • WIPO field: Computer technology
  • WIPO sector: Electrical engineering

Abstract

A malicious content detection (MCD) system and a computerized method for manipulating time uses two or more time controllers operating within the MCD system in order to capture the behavior of delayed activation malware (time bombs). Each time controller may include a monitoring agent located in a software layer of a computer runtime environment configured to intercept software calls (e.g., API calls or system calls) and/or other time checks that seek to obtain a “current time,” and time-dilation action logic located in a different layer (e.g., a hypervisor layer) configured to respond to the software calls by providing a “false” current time that indicates considerably more time has transpired than the real clock. Additionally, a primary controller may be used in some embodiments to configure and manage the time controllers.
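The arrangement in the abstract can be simulated to show why it matters for a sandbox with a short analysis window. This is an added example, not code from the patent: the class and function names, the linear dilation factor, the 300-second window and the two-day delay of the constructed sample are all assumptions.

```python
from dataclasses import dataclass

@dataclass
class TimeDilationLogic:
    """Stands in for the action logic in the lower (e.g. hypervisor) layer."""
    start: float   # real time at which analysis began
    factor: float  # false seconds reported per real second (assumed linear)

    def false_now(self, real_now: float) -> float:
        return self.start + (real_now - self.start) * self.factor

@dataclass
class TimeController:
    """Monitoring agent for one kind of time check; answers with the false time."""
    name: str
    logic: TimeDilationLogic
    intercepted: int = 0

    def current_time(self, real_now: float) -> float:
        self.intercepted += 1
        return self.logic.false_now(real_now)

class PrimaryController:
    """Configures every time controller with the same dilation logic (assumption),
    so a time read through one path agrees with a read through another."""
    def __init__(self, start: float, factor: float, names: list):
        logic = TimeDilationLogic(start, factor)
        self.controllers = {n: TimeController(n, logic) for n in names}

def run_analysis(factor, window_s=300, delay_s=2 * 24 * 3600, start=1_000_000.0):
    """Return the real second at which the constructed delayed-activation sample
    triggers inside the analysis window, or None if it stays dormant."""
    primary = PrimaryController(start, factor, ["api_call", "system_call"])
    api = primary.controllers["api_call"]
    sys_call = primary.controllers["system_call"]
    first_seen = api.current_time(start)            # sample records its start time
    for tick in range(1, window_s + 1):             # one time check per real second
        now = sys_call.current_time(start + tick)   # later checks use another path
        if now - first_seen >= delay_s:
            return tick                             # behavior becomes observable
    return None

if __name__ == "__main__":
    print("real clock  :", run_analysis(factor=1.0))     # dormant for the whole window
    print("dilated x1000:", run_analysis(factor=1000.0)) # activates within the window
```

With the real clock the sample never reaches its delay inside the window; with dilation the same run exposes the behavior, and because both controllers share one configuration the two time paths stay consistent.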

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.