Patent · US Expired

Detecting computer programs within packed computer files

US7421587B2 · kind B2 · utility

16Cited by

22References

61Claims

0Family size

Assignee

McAfee, LLC · US

Inventors

Neil A. Cowie · Aylesbury, GB
Igor Muttik · Aylesbury, GB

Key dates

Filing date	Jul 26, 2001
Grant date	Sep 2, 2008
Priority date	—
Expiry date	Jun 4, 2023

Classification

Technology area (CPC G)Physics
CPC primaryG06F21/566
WIPO fieldComputer technology
WIPO sectorElectrical engineering

Abstract

A technique for detecting Trojans and worms within packed computer files uses fingerprint data derived from the unpacked resource data associated with the packed computer files. The number of entries, the position within the resource data and size of the resource that is the largest resource specified, a timestamp value of compilation and a checksum value derived from the whole of the resource data may be included within a fingerprint value as characteristic of a particular set of resource data. A library of such fingerprint values may be generated for known Trojans and worms, or other programs it is wished to detect, and then a suspect file compared against this library of fingerprints.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.