Method and apparatus for inspecting non-portable executable files
US8627478B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | May 6, 2013 |
| Grant date | Jan 7, 2014 |
| Priority date | — |
| Expiry date | May 6, 2033 |
Classification
- Technology area (CPC G)Physics
- CPC primaryG06F21/566
- WIPO fieldComputer technology
- WIPO sectorElectrical engineering
Abstract
An apparatus for inspecting a non-PE file includes a data loading unit configured to load candidate malicious address information related to a malicious code of the non-PE file; and a program link unit configured to acquire normal address range information of a module being loaded on a memory when an application program adapted for the non-PE file is executed and set up a candidate malicious address corresponding to the candidate malicious address information to be a breakpoint of the application program. Further, the apparatus includes a malicious code determination unit configured to determine whether a next execution address is within the normal address range information when there occurs an event derived from the breakpoint.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.