Patent · US Active

Multistage system and method for analyzing obfuscated content for malware

US9690936B1 · kind B1 · utility

Cited by: 175
References: 206
Claims: 21
Family size: 0

Assignee

Inventors

Key dates

Filing date: Jul 1, 2014
Grant date: Jun 27, 2017
Priority date
Expiry date: Jul 1, 2034

Classification

  • Technology area (CPC G): Physics
  • CPC primary: G06F21/566
  • WIPO field: Computer technology
  • WIPO sector: Electrical engineering

Abstract

A malware detection system configured to detect suspiciousness in obfuscated content. A multi-stage static detection logic is utilized to detect obfuscation, make the obfuscated content accessible, identify suspiciousness in the accessible content and filter non-suspicious non-obfuscated content from further analysis. The system is configured to identify obfuscated content, de-obfuscate obfuscated content, identify suspicious characteristics in the de-obfuscated content, execute a virtual machine to process the suspicious network content and detect malicious network content while removing from further analysis non-suspicious network content.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.