Determining malware via symbolic function hash analysis
US11176251B1 · kind B1 · utility
Assignee
Inventors
Key dates
| Filing date | Dec 20, 2019 |
| Grant date | Nov 16, 2021 |
| Priority date | — |
| Expiry date | Feb 16, 2040 |
Classification
- Technology area (CPC G)Physics
- CPC primaryG06F2221/033
- WIPO fieldComputer technology
- WIPO sectorElectrical engineering
Abstract
A device for classifying malware including a processor, and a storage device storing a plurality of previously classified symfunc hash values and malware detection logic which attempts to classify malicious code by utilizing binary disassembler logic processed by the processor. Binary disassembler logic can be configured to receive a suspicious binary object and disassemble the binary object into disassembled code data, while symbolic analyzer logic can be configured to receive the disassembled code data and generate symbolic representation data. Generation logic can be configured to receive the symbolic representation data and generate at least one symfunc hash value based on the symbolic representation data. Finally, classification logic can be configured to receive at least one symfunc hash value, compare the symfunc hash value against previously classified symfunc hash values, and determine if the binary object comprises malicious code based on the associated symfunc hash value. The reporting logic can issue an alert reporting the malicious code or initiate the execution of a pre-determined action.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.