Patent · US Active

Systems and methods for detecting malicious executable files containing an interpreter by combining emulators

US9501643B1 · kind B1 · utility

Cited by: 11
References: 13
Claims: 17
Family size: 0

Assignee

Inventors

Key dates

Filing date: Feb 4, 2016
Grant date: Nov 22, 2016
Priority date
Expiry date: Feb 4, 2036

Classification

  • Technology area (CPC G): Physics
  • CPC primary: G06F2221/033
  • WIPO field: Computer technology
  • WIPO sector: Electrical engineering

Abstract

Systems and methods to detect malicious executable files having a script language interpreter by combining a script emulator and a machine code emulator. A system includes an analyzer configured to convert a script into pseudocode and monitor an emulation process of the pseudocode, a script emulator configured to sequentially emulate the pseudocode and write emulation results to an emulator operation log, and a machine code emulator configured to emulate the pseudocode if a transition from pseudocode to machine code is detected by the analyzer, such that the analyzer can analyze the emulator operation log to determine if the executable file is malicious.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.