Patent · US Active

Exception handlers in a sandbox environment for malware detection

US11132443B1 · kind B1 · utility

Cited by: 3
References: 1
Claims: 17
Family size: 0

Assignee

Inventor

Key dates

Filing date: Jan 29, 2021
Grant date: Sep 28, 2021
Priority date
Expiry date: Jan 29, 2041

Classification

  • Technology area (CPC G): Physics
  • CPC primary: G06F2221/033
  • WIPO field: Computer technology
  • WIPO sector: Electrical engineering

Abstract

An anti-malware application can emulate a suspicious program in a sandbox environment and retrieve any exception handlers the suspicious program attempts to register with the operating system. When the suspicious program triggers an exception, the anti-malware application can save a current context of the suspicious program being emulated. To emulate the handling of the exception, the anti-malware application can validate an exception handler chain including one or more exception handlers added by the suspicious program. The anti-malware application can then select and emulate an exception handler based on the saved context of the suspicious program at the time the exception was triggered. If the first exception handler is successful at resolving the exception, the anti-malware application can then save an updated post-exception context and continue emulation of the suspicious program based on the result of the first exception handler.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.