Patent · US Active

Identifying malware based on system API function pointers

US12223044B1 · kind B1 · utility

1Cited by

14References

15Claims

0Family size

Assignee

Palo Alto Networks, Inc. · US

Inventors

Robert Jung · Albuquerque, US
Daniel Raygoza · Baltimore, US
Michael S. Hughes · Haines City, US
Esmid Idrizovic · Trumau, AT

Key dates

Filing date	Jul 12, 2021
Grant date	Feb 11, 2025
Priority date	—
Expiry date	Apr 2, 2042

Classification

Technology area (CPC G)Physics
CPC primaryG06F2221/034
WIPO fieldComputer technology
WIPO sectorElectrical engineering

Abstract

Techniques for identifying malware based on system API function pointers are disclosed. In some embodiments, a system/process/computer program product for identifying malware based on system API function pointers includes monitoring changes in memory during execution of a malware sample in a computing environment; detecting a dynamic evasion behavior using an Application Programming Interface (API) vector comprising a plurality of system API function pointers identified in the memory during execution of the malware sample in the computing environment; and generating a signature based on the API vector for automatically detecting the malware during execution in the memory, wherein the malware sample was determined to be malicious.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.