Show metadata Hide metadata

(19)

(11)

2 628 921

(13)

(51)

IPC

G06F21/53(2013-01-01)

G06F21/56(2013-01-01)

(21) (22)

Application

2016109928, 2016-03-18

(24)

Start date

2016-03-18

(22)

Actual filing date

2016-03-18

(45)

Published

2017-08-22

(72)

Inventor

Monastyrskij Aleksej VladimirovichButuzov Vitalij VladimirovichGolovkin Maksim YurevichKarasovskij Dmitrij ValerievichPintijskij Vladislav ValerevichKobychev Denis Yurevich

(73)

Holder

Aktsionernoe Obshchestvo Kasperskogo"

SYSTEM AND METHOD FOR PERFORMING ANTI-VIRUS SCAN OF FILE ON VIRTUAL MACHINE Russian patent published in 2017 - IPC G06F21/53 G06F21/56

Abstract RU 2628921 C1

FIELD: information technology.

SUBSTANCE: computer-implemented method for performing an anti-virus scan of a file on a virtual machine in which: a file in a virtual machine is executed with successive entry of API function calls and entry of internal events into the first log, the first type signature from the database of first type signatures is identified from the first log, re-execution of the file is performed on the virtual machine with entries of internal events in the second log. After that, the second type signature is identified in the second log from the second type signature database and the criterion for making entries about the API function calls based on the second and the first logs is determined, the third execution of the file is made on the virtual machine, adding only internal events to the third log, as long as the criterion for entering records about API function calls, after which records are made about API function calls, is not performed, an anti-virus scan of the file is performed by identifying in the third log a malicious signature using database of malicious signatures, the file will be considered malicious when a malicious signature is detected in the third log.

EFFECT: detecting a malicious file containing program code that makes it difficult to detect this malicious file when executing a file on a virtual machine.

40 cl, 3 tbl, 6 dwg

Similar patents RU2628921C1

Title	Year	Author	Number
SYSTEM AND METHOD OF DETECTING MALICIOUS CODE IN FILE	2016	Golovkin Maksim Yurevich Monastyrskij Aleksej Vladimirovich Pintijskij Vladislav Valerevich Pavlyushchik Mikhail Aleksandrovich Butuzov Vitalij Vladimirovich Karasovskij Dmitrij Valerievich	RU2637997C1
SYSTEM AND METHOD OF CREATING ANTIVIRUS RECORD	2018	Gordejchik Sergej Vladimirovich Soldatov Sergej Vladimirovich Sapronov Konstantin Vladimirovich	RU2697954C2
SYSTEM AND METHOD OF GENERATING LOG WHEN EXECUTING FILE WITH VULNERABILITIES IN VIRTUAL MACHINE	2018	Monastyrskij Aleksej Vladimirovich Pavlyushchik Mikhail Aleksandrovich Pintijskij Vladislav Valerevich Anikin Denis Vyacheslavovich Kirsanov Dmitrij Aleksandrovich	RU2724790C1
SYSTEM AND METHOD FOR LOG FORMING IN VIRTUAL MACHINE FOR ANTI-VIRUS FILE CHECKING	2017	Pintijskij Vladislav Valerevich Anikin Denis Vyacheslavovich Kobychev Denis Yurevich Golovkin Maksim Yurevich Butuzov Vitalij Vladimirovich Karasovskij Dmitrij Valerievich Kirsanov Dmitrij Aleksandrovich	RU2649794C1
SYSTEM AND METHOD FOR IDENTIFYING MALICIOUS FILES	2017	Gordejchik Sergej Vladimirovich Soldatov Sergej Vladimirovich Sapronov Konstantin Vladimirovich	RU2673407C1
SYSTEM AND METHOD OF FILE ANALYSIS FOR MALICIOUSNESS IN VIRTUAL MACHINE	2017	Pintijskij Vladislav Valerevich Anikin Denis Vyacheslavovich Kobychev Denis Yurevich Golovkin Maksim Yurevich Butuzov Vitalij Vladimirovich Karasovskij Dmitrij Valerievich Kirsanov Dmitrij Aleksandrovich	RU2665911C2
EMULATOR AND METHOD FOR EMULATION	2020	Pintijskij Vladislav Valerevich Anikin Denis Vyacheslavovich Kirsanov Dmitrij Aleksandrovich Trofimenko Sergej Vladimirovich	RU2757409C1
METHOD OF CREATING ANTIVIRUS RECORD WHEN DETECTING MALICIOUS CODE IN RANDOM-ACCESS MEMORY	2015	Pavlyushshik Mikhail Aleksandrovich Monastyrskij Aleksej Vladimirovich Nazarov Denis Aleksandrovich	RU2592383C1
METHOD OF DETECTING MALICIOUS CODE IN RANDOM-ACCESS MEMORY	2015	Pavlyushshik Mikhail Aleksandrovich Monastyrskij Aleksej Vladimirovich Nazarov Denis Aleksandrovich	RU2589862C1
METHOD OF DETECTING MALICIOUS FILES THAT COUNTERACT ANALYSIS IN ISOLATED ENVIRONMENT	2018	Karasovskij Dmitrij Valerievich Shulmin Aleksej Sergeevich Kobychev Denis Yurevich	RU2708355C1

RU 2 628 921 C1

Authors

Monastyrskij Aleksej Vladimirovich

Butuzov Vitalij Vladimirovich

Golovkin Maksim Yurevich

Karasovskij Dmitrij Valerievich

Pintijskij Vladislav Valerevich

Kobychev Denis Yurevich

Dates

2017-08-22—Published

2016-03-18—Filed