Method, computer program and computer for analyzing an executable computer file
US8479174B2 · kind B2 · utility
Assignee
Inventor
Key dates
| Filing date | Mar 30, 2007 |
| Grant date | Jul 2, 2013 |
| Priority date | — |
| Expiry date | Feb 28, 2032 |
Classification
- Technology area (CPC G)Physics
- CPC primaryG06F21/566
- WIPO fieldComputer technology
- WIPO sectorElectrical engineering
Abstract
In one aspect, an executable computer file is partitioned into basic blocks of code. At least some basic blocks are translated into translated basic blocks. At least some translated basic blocks are linked in memory of a computer. At least some translated basic blocks on the computer are executed so as to enable the file to be unpacked or decrypted. In this way, the file can be analyzed to determine whether the file is or should be classed as malware. In another aspect, at least a read page of cache memory is created for at least some basic blocks and at least a write page of cache memory is created for at least some basic blocks. During the execution of a basic block, at least one of the read page and the write page is checked for a cached real address corresponding to the virtual address that is being accessed for said basic block.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.