Multiple application versions in a single virtual machine

Assignee

• Trend Micro Incorporated · JP

Inventors

• Ben Huang · Tecate Mission Road, US
• Xiaochuan Wan · Xibeiwang, CN
• Xinfeng Liu · Nanjing, CN
• Qiang Huang · Austin, US

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06F8/62
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

A single virtual machine is implemented upon a computer and an operating system executes within this virtual machine. A sample file suspected of being malware is received and any number of versions of the software application corresponding to the sample file are installed. Each version of the software application is executed within the operating system, each version opening the sample file. Behavior of each version and of the sample file is collected while each version is executing. A score indicating malicious behavior for each version with respect to the sample file is determined and reported. The versions may execute serially in the happening system, each version terminating before the next version begins executing. Or, all versions may execute concurrently within the operating system. Files and registries are hidden to facilitate installation. System information is changed to facilitate execution.