Patent · US Active

Malware analysis in accordance with an analysis plan

US9910988B1 · kind B1 · utility

Cited by: 154
References: 221
Claims: 19
Family size: 0

Assignee

Inventors

Key dates

Filing date: Oct 23, 2015
Grant date: Mar 6, 2018
Priority date
Expiry date: Oct 23, 2035

Classification

  • Technology area (CPC G): Physics
  • CPC primary: G06F2221/034
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

Techniques for malware detection are described. Herein, a system, which detects malware in a received specimen, comprises a processor and a memory. Communicatively coupled to the processor, the memory comprises a controller that controls analysis of the specimen for malware in accordance with an analysis plan. The memory further comprises (a) a static analysis module that performs at least a first static analysis to identify a suspicious indicator of malware and at least partially determine that the specimen includes a packed object; (b) an emulation analysis module that emulates operations associated with processing of the specimen by a software application or library, including unpacking an object of the specimen when the specimen is determined by the static analysis module to include the packed object, and monitors one or more behaviors of the specimen during the emulated operations; and (c) a classifier that determines whether the specimen should be classified as malicious.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.