Patent · US Active

Identification of .NET malware with “unmanaged imphash”

US12153676B2 · kind B2 · utility

0Cited by

10References

21Claims

0Family size

Assignee

Palo Alto Networks, Inc. · US

Inventors

Yaron Samuel · Tel Aviv-Yafo, IL
Dominik Reichel · Klieve, DE
Robert Jung · Albuquerque, US
Lauren Che · Dublin, US

Key dates

Filing date	Dec 21, 2021
Grant date	Nov 26, 2024
Priority date	—
Expiry date	Dec 23, 2042

Classification

Technology area (CPC G)Physics
CPC primaryG06F2221/033
WIPO fieldComputer technology
WIPO sectorElectrical engineering

Abstract

The present application discloses a method, system, and computer system for detecting malicious files. The method includes receiving a sample that comprises a .NET file, obtaining imported API function names based at least in part on a .NET header of the .NET file, determining a hash of a list of unmanaged imported API function names, and determining whether the sample is malware based at least in part on the hash of the list of unmanaged imported API function names.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.