Patent · US Active

System and method for advanced malware analysis

US9106692B2 · kind B2 · utility

Cited by: 3
References: 0
Claims: 15
Family size: 0

Assignee

Inventors

Key dates

Filing date: Jan 31, 2013
Grant date: Aug 11, 2015
Priority date
Expiry date: Jan 31, 2033

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L63/1441
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

A system and method for advanced malware analysis. The method filters incoming messages, including their attachments, against a watch-list. If an incoming message matches the watch-list, the message is forwarded to a malware detection engine, which strips the attachments (one or more of which are executable files) from the forwarded message, launches a plurality of sandboxes, and executes each of the executable files in the plurality of sandboxes; the sandboxes generate analysis results that may be used to determine whether each executable file is malicious. The method normalizes the analysis results, evaluates the risk level of the attachments to the forwarded message based on the normalized analysis results for the executable files those attachments contain, and, if the risk level of an attachment to the forwarded message is above a certain level, determines that the forwarded message is malicious and permanently quarantines the forwarded message.
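As an added illustration (not code from the patent, its assignee, or any product), the following Python sketch walks the pipeline the abstract describes: watch-list filtering, extraction of executable attachments, execution in several sandboxes whose differing native output formats are normalized to one score, and a quarantine decision against a risk threshold. The watch-list entries, the extension list, the threshold and the three stand-in sandboxes (which key on a constructed marker rather than doing real analysis) are assumptions.

```python
from dataclasses import dataclass
# Constructed watch-list, extensions and threshold: hypothetical values for this example only
WATCH_LIST = {"sender_domains": {"unknown-vendor.example"}, "subject_terms": {"invoice", "urgent"}}
EXECUTABLE_EXTS = (".exe", ".dll", ".scr", ".js", ".vbs")
RISK_THRESHOLD = 0.7  # an attachment scoring above this marks the whole message malicious

@dataclass
class Attachment:
    name: str
    data: bytes
@dataclass
class Message:
    sender: str
    subject: str
    attachments: list
def matches_watch_list(msg):  # step 1: only watch-listed traffic goes to the detection engine
    domain = msg.sender.rsplit("@", 1)[-1].lower()
    return domain in WATCH_LIST["sender_domains"] or any(
        t in msg.subject.lower() for t in WATCH_LIST["subject_terms"])

def strip_executables(msg):  # step 2: pull executable attachments out of the forwarded message
    return [a for a in msg.attachments if a.name.lower().endswith(EXECUTABLE_EXTS)]

def normalize(result):  # step 4: map each sandbox's native output onto a common 0.0..1.0 score
    if result["format"] == "score10":    # sandbox reports an integer 0..10
        return result["score"] / 10.0
    if result["format"] == "verdict":    # sandbox reports a label
        return {"clean": 0.0, "suspicious": 0.5, "malicious": 1.0}[result["verdict"]]
    if result["format"] == "behaviors":  # sandbox reports a list of observed behaviours
        return min(1.0, 0.3 * len(result["behaviors"]))
    raise ValueError("unknown sandbox result format: %r" % result["format"])

def risk_level(results):  # step 5: combine normalized scores; the most suspicious sandbox wins
    return max((normalize(r) for r in results), default=0.0)

def analyze_message(msg, sandboxes):  # returns 'deliver' or 'quarantine' for one incoming message
    if not matches_watch_list(msg):
        return "deliver"
    for exe in strip_executables(msg):
        results = [run(exe) for run in sandboxes]  # step 3: execute the file in every sandbox
        if risk_level(results) > RISK_THRESHOLD:
            return "quarantine"  # step 6: permanently quarantine the forwarded message
    return "deliver"

# Stand-in sandboxes (not real analysis): each keys on a constructed b"BAD" marker in the bytes
def sandbox_a(att): return {"format": "score10", "score": 9 if b"BAD" in att.data else 1}
def sandbox_b(att): return {"format": "verdict", "verdict": "malicious" if b"BAD" in att.data else "clean"}
def sandbox_c(att): return {"format": "behaviors", "behaviors": ["persistence", "beacon"] if b"BAD" in att.data else []}
SANDBOXES = [sandbox_a, sandbox_b, sandbox_c]
```

Normalization is what lets sandboxes with incompatible scoring schemes feed one threshold; the max-combination shown is one simple policy, and a weighted or majority scheme would slot into risk_level unchanged elsewhere.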

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.