Patent · US Active

System and method for detecting malicious code in random access memory

US9407648B1 · kind B1 · utility

Cited by: 21
References: 6
Claims: 20
Family size: 0

Assignee

Inventors

Key dates

Filing date: Nov 25, 2015
Grant date: Aug 2, 2016
Priority date
Expiry date: Nov 25, 2035

Classification

  • Technology area (CPC G): Physics
  • CPC primary: G06F2221/033
  • WIPO field: Computer technology
  • WIPO sector: Electrical engineering

Abstract

Disclosed are system and method for detecting malicious code in random access memory. An exemplary method comprises: detecting, by a hardware processor, a process of an untrusted program on the computer; identifying, by the hardware processor, function calls made by the process of the untrusted program, including inter-process function calls made by the process to a destination process; determining, by the hardware processor, whether to perform malware analysis of a code in an address space of the destination process that was subject of an inter-process function call made by the process of the untrusted program; and when it is determined to perform malware analysis, analyzing the code in an address space of the destination process that was subject of an inter-process function call made by the process of the untrusted program using antivirus software executable by the hardware processor.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.