System and method for detecting malware injected into memory of a computing device
US11151247B2 · kind B2 · utility
Assignee
Inventor
Key dates
| Filing date | Jul 13, 2017 |
| Grant date | Oct 19, 2021 |
| Priority date | — |
| Expiry date | Jul 13, 2037 |
Classification
- Technology area (CPC G)Physics
- CPC primaryG06F21/577
- WIPO fieldComputer technology
- WIPO sectorElectrical engineering
Abstract
A malicious code detection module identifies potentially malicious instructions in memory of a computing device. The malicious code detection module examines the call stack for each thread running within the operating system of the computing device. Within each call stack, the malicious code detection module identifies the originating module for each stack frame and determines whether the originating module is backed by an image on disk. If an originating module is not backed by an image on disk, the thread containing that originating module is flagged as potentially malicious, execution of the thread optionally is suspended, and an alert is generated for the user or administrator.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.