METHOD OF DETECTING MALICIOUS EXECUTABLES, CONTAINING INTERPRETER, BY COMBINING EMULATORS
Russian patent published in 2017 - IPC G06F21/56 G06F9/455

Abstract RU 2622627 C2

FIELD: information technology.

SUBSTANCE: a method is proposed for recognizing a malicious executable file that contains a script interpreter, according to which: an executable file that contains a script interpreter and a script associated with said interpreter is passed to a parser; the parser converts the commands of said script into pseudocode; execution of the pseudocode is emulated by a script emulator, and the result is recorded in the emulator log; during emulation, at least one transition from pseudocode to native code is detected, and the parser switches emulation to a native code emulator; for each detected transition, execution of the native code is emulated by the native code emulator and the result is recorded in the emulator log, and when emulation of the native code finishes, the parser switches emulation back to the script emulator; said executable file is recognized as malicious when the parser's analysis of the emulator log detects malicious behavior.

EFFECT: increasing the security of computer systems.

5 cl, 4 dwg
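
A simplified model of the combined emulation described in the abstract, added here as an illustration and not taken from the patent. It assumes the script has already been converted to pseudocode; the operation names, the sample data and the "written, then executed" detection rule are all hypothetical.

```python
# Toy model of combined emulation (added example; every name here is hypothetical).
from dataclasses import dataclass, field

@dataclass
class EmulatorLog:
    """Single log shared by both emulators."""
    events: list = field(default_factory=list)

    def record(self, source, action, arg):
        self.events.append((source, action, arg))

def emulate_native(blob, log):
    """Native code emulator: walks toy instructions and logs API calls."""
    for mnemonic, operand in blob:
        if mnemonic == "call":
            log.record("native", operand[0], operand[1])
    # Returning hands control back to the script emulator.

def emulate_script(pseudocode, native_blobs, log):
    """Script emulator: runs pseudocode and switches emulators on a transition."""
    switches = 0
    for op, arg in pseudocode:
        if op == "api":
            log.record("script", arg[0], arg[1])
        elif op == "native":  # transition from pseudocode to native code
            switches += 1
            emulate_native(native_blobs[arg], log)
    return switches

def analyze(log):
    """Assumed rule: a file written by one stage is executed by a later one."""
    written = set()
    for _source, action, arg in log.events:
        if action == "write_file":
            written.add(arg)
        elif action == "create_process" and arg in written:
            return True
    return False

# Constructed sample: the script drops a file, the native stub launches it.
PSEUDOCODE = [("api", ("write_file", "C:\\tmp\\a.bin")), ("native", 0),
              ("api", ("exit", 0))]
NATIVE_BLOBS = {0: [("mov", None), ("call", ("create_process", "C:\\tmp\\a.bin"))]}

def run_sample(follow_native=True):
    """With follow_native=False the native part is skipped, as a script-only emulator would."""
    log = EmulatorLog()
    blobs = NATIVE_BLOBS if follow_native else {0: []}
    switches = emulate_script(PSEUDOCODE, blobs, log)
    return switches, log, analyze(log)
```

With `follow_native=False` the log holds only the script's own events and the rule does not fire, which is the gap that switching between the two emulators closes.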

Similar patents RU2622627C2

Title Year Author Number
EMULATOR AND METHOD FOR EMULATION 2020
  • Pintijskij Vladislav Valerevich
  • Anikin Denis Vyacheslavovich
  • Kirsanov Dmitrij Aleksandrovich
  • Trofimenko Sergej Vladimirovich
RU2757409C1
METHOD OF CODE EXECUTION BY INTERPRETER 2016
  • Davydov Vasilij Aleksandrovich
  • Vinogradov Dmitrij Valerevich
  • Gavrilchenko Roman Yurevich
  • Kirsanov Dmitrij Aleksandrovich
RU2634171C1
METHOD OF EMULATING SYSTEM FUNCTION CALLS FOR EVADING EMULATION COUNTERMEASURES 2012
  • Belov Sergej Jur'Evich
RU2514141C1
METHOD FOR ENHANCEMENT OF OPERATIONAL EFFICIENCY OF HARDWARE ACCELERATION OF APPLICATION EMULATION 2012
  • Belov Sergej Jur'Evich
RU2514142C1
SYSTEM AND METHOD FOR AUTOMATIC PROCESSING OF SOFTWARE SYSTEM ERRORS 2012
  • Antukh Aleksandr Ehduardovich
  • Malanov Aleksej Vladimirovich
RU2521265C2
SYSTEM AND METHOD OF GENERATING LOG WHEN EXECUTING FILE WITH VULNERABILITIES IN VIRTUAL MACHINE 2018
  • Monastyrskij Aleksej Vladimirovich
  • Pavlyushchik Mikhail Aleksandrovich
  • Pintijskij Vladislav Valerevich
  • Anikin Denis Vyacheslavovich
  • Kirsanov Dmitrij Aleksandrovich
RU2724790C1
SYSTEM AND METHOD OF DETECTING MALICIOUS CODE IN FILE 2016
  • Golovkin Maksim Yurevich
  • Monastyrskij Aleksej Vladimirovich
  • Pintijskij Vladislav Valerevich
  • Pavlyushchik Mikhail Aleksandrovich
  • Butuzov Vitalij Vladimirovich
  • Karasovskij Dmitrij Valerievich
RU2637997C1
SYSTEM AND METHOD FOR LOG FORMING IN VIRTUAL MACHINE FOR ANTI-VIRUS FILE CHECKING 2017
  • Pintijskij Vladislav Valerevich
  • Anikin Denis Vyacheslavovich
  • Kobychev Denis Yurevich
  • Golovkin Maksim Yurevich
  • Butuzov Vitalij Vladimirovich
  • Karasovskij Dmitrij Valerievich
  • Kirsanov Dmitrij Aleksandrovich
RU2649794C1
SYSTEM AND METHOD OF FILE ANALYSIS FOR MALICIOUSNESS IN VIRTUAL MACHINE 2017
  • Pintijskij Vladislav Valerevich
  • Anikin Denis Vyacheslavovich
  • Kobychev Denis Yurevich
  • Golovkin Maksim Yurevich
  • Butuzov Vitalij Vladimirovich
  • Karasovskij Dmitrij Valerievich
  • Kirsanov Dmitrij Aleksandrovich
RU2665911C2
METHOD FOR EMULATING THE EXECUTION OF FILES COMPRISING INSTRUCTIONS, DIFFERENT FROM MACHINE INSTRUCTIONS 2017
  • Liskin Aleksandr Viktorovich
  • Krylov Vladimir Vladimirovich
RU2659742C1

RU 2 622 627 C2

Authors

Zakorzhevskij Vyacheslav Vladimirovich

Vinogradov Dmitrij Valerevich

Pintijskij Vladislav Valerevich

Kirsanov Dmitrij Aleksandrovich

Dates

2017-06-16 Published

2015-09-30 Filed