Method, system and program product for optimizing emulation of a suspected malware
US8473931B2 · kind B2 · utility
Assignee
Inventor
Key dates
| Filing date | Mar 20, 2012 |
| Grant date | Jun 25, 2013 |
| Priority date | — |
| Expiry date | Mar 20, 2032 |
Classification
- Technology area (CPC G)Physics
- CPC primaryG06F21/566
- WIPO fieldComputer technology
- WIPO sectorElectrical engineering
Abstract
A method, system and program product for optimizing emulation of a suspected malware. The method includes identifying, using an emulation optimizer tool, whether an instruction in a suspected malware being emulated by an emulation engine in a virtual environment signifies a long loop and, if so, generating a first hash for the loop. Further, the method includes ascertaining whether the first hash generated matches any long loop entries in a storage and, if so calculating a second hash for the long loop. Furthermore, the method includes inspecting any long loop entries ascertained to find an entry having a respective second hash matching the second hash calculated. If an entry matching the second hash calculated is found, the method further includes updating one or more states of the emulation engine, such that, execution of the long loop of the suspected malware is skipped, which optimizes emulation of the suspected malware.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.