Systems and methods for identifying malware injected into a memory of a computing device
US12079337B2 · kind B2 · utility
Assignee
Inventor
Key dates
| Filing date | Jul 12, 2021 |
| Grant date | Sep 3, 2024 |
| Priority date | — |
| Expiry date | Jul 12, 2041 |
Classification
- Technology area (CPC G): Physics
- CPC primary: G06F21/577
- WIPO field: Computer technology
- WIPO sector: Electrical engineering
Abstract
In the embodiments described herein, a malicious code detection module identifies potentially malicious instructions in memory of a computing device. The malicious code detection module examines the call stack for each thread running within the operating system of the computing device. Within each call stack, the malicious code detection module identifies the originating module for each stack frame and determines whether the originating module is backed by an image on disk. If an originating module is not backed by an image on disk, the thread containing that originating module is flagged as potentially malicious, execution of the thread optionally is suspended, and an alert is generated for the user or administrator.
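The check the abstract describes can be sketched as follows. This is an added example, not code from the patent or its assignee. The `Region` and `Finding` types, the function names and all addresses and paths are constructed for illustration. Treating an address that falls in no known region as a finding is also an assumption of this sketch.

```python
from bisect import bisect_right
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Region:
    base: int
    size: int
    image_path: Optional[str]  # None = private memory with no image on disk

@dataclass(frozen=True)
class Finding:
    thread_id: int
    frame_index: int
    address: int
    reason: str

def lookup(bases, ordered, address):
    """Return the region containing address, or None if nothing maps it."""
    i = bisect_right(bases, address) - 1
    if i >= 0 and address < ordered[i].base + ordered[i].size:
        return ordered[i]
    return None

def scan_threads(regions, stacks):
    """Flag every stack frame whose originating module has no backing image."""
    ordered = sorted(regions, key=lambda r: r.base)
    bases = [r.base for r in ordered]
    findings = []
    for tid, frames in sorted(stacks.items()):
        for n, addr in enumerate(frames):
            region = lookup(bases, ordered, addr)
            if region is None:  # assumption: unattributable frames are reported too
                findings.append(Finding(tid, n, addr, "unmapped address"))
            elif region.image_path is None:
                findings.append(Finding(tid, n, addr, "not backed by image on disk"))
    return findings

def flagged_threads(findings):
    """Thread ids to alert on (and optionally suspend)."""
    return sorted({f.thread_id for f in findings})

# Constructed sample data: a process memory map and per-thread return addresses.
REGIONS = [
    Region(0x7FF600000000, 0x20000, r"C:\Program Files\App\app.exe"),
    Region(0x7FFA10000000, 0x1F0000, r"C:\Windows\System32\ntdll.dll"),
    Region(0x7FFA0F000000, 0xC0000, r"C:\Windows\System32\kernel32.dll"),
    Region(0x1A2B3C40000, 0x1000, None),  # private executable allocation
]
STACKS = {
    4120: [0x7FFA10012345, 0x7FFA0F0154E0, 0x7FF600001A2C],  # all image-backed
    4188: [0x7FFA10012345, 0x1A2B3C40210, 0x7FFA0F0154E0],   # frame 1 is not
}
```

Runtimes that JIT-compile code execute legitimately from memory with no image on disk, so a deployment built on this check needs an allowlist or a secondary test before alerting; that handling is outside this sketch.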
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.