GENERAL UNPACKING OF APPLICATIONS FOR DETECTING MALICIOUS PROGRAMS Russian patent published in 2017 - IPC G06F21/56 

Abstract RU 2632163 C2

FIELD: information technology.

SUBSTANCE: the method is implemented by executing computer-executable instructions from a storage medium that cause one or more processing units to: load a self-unpacking executable module into memory; unpack the packed executable module; detect a write attempt to a memory page on which code was previously executed, by controlling access permissions to that memory page using hardware-assisted virtualization; detect, using one or more heuristics, that the first self-unpacking dummy module has finished unpacking the packed executable module; and scan the unpacked executable module for a malicious program. The one or more heuristics include comparing the stack pointer value and stack contents recorded before completion of the first self-unpacking dummy module was detected with the stack pointer value and stack contents recorded before the first self-unpacking dummy module was allowed to begin unpacking the packed executable module.
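The two checks the abstract describes, the execute-then-write trap on a memory page and the stack-state comparison used to decide that the unpacking stub is finished, can be modelled without a hypervisor. The following is an added illustration written for this page, not code from the patent or its applicant: the hardware-assisted page-permission trap is replaced by a constructed trace of execute/write events, and every name in it (Event, StackSnapshot, PageTracker, unpacking_complete, analyse, the addresses and stack words) is an assumption of the example.

```python
# Added example (not from the patent): a toy model of the abstract's two checks.
# The hypervisor-level page-permission mechanics are simulated with an event
# trace; all names, addresses and stack values below are constructed.
from dataclasses import dataclass
from typing import Iterable, List, Set, Tuple

PAGE_SIZE = 0x1000


@dataclass(frozen=True)
class Event:
    kind: str   # "exec" (instruction fetched from addr) or "write" (store to addr)
    addr: int


@dataclass(frozen=True)
class StackSnapshot:
    sp: int                    # stack pointer value
    contents: Tuple[int, ...]  # words on the stack from sp upward


class PageTracker:
    """Models execute-then-write detection.

    The patent does this by revoking write permission on pages that have
    executed (hardware-assisted virtualization), so a later store to such a
    page traps. Here the trap is simply a returned flag.
    """

    def __init__(self) -> None:
        self.executed_pages: Set[int] = set()
        self.write_after_exec: List[int] = []

    def observe(self, ev: Event) -> bool:
        page = ev.addr // PAGE_SIZE
        if ev.kind == "exec":
            self.executed_pages.add(page)
            return False
        if ev.kind == "write" and page in self.executed_pages:
            self.write_after_exec.append(page)   # candidate unpacking layer
            return True
        return False


def unpacking_complete(start: StackSnapshot, now: StackSnapshot) -> bool:
    """Stack heuristic from the abstract: if the stack pointer and stack
    contents seen now equal those recorded before the stub was allowed to
    start unpacking, the stub has unwound its frames and is handing control
    to the unpacked code, so the unpacked module can be scanned."""
    return start.sp == now.sp and start.contents == now.contents


def analyse(events: Iterable[Event], start: StackSnapshot, now: StackSnapshot) -> dict:
    tracker = PageTracker()
    trapped = [ev for ev in events if tracker.observe(ev)]
    return {
        "self_modifying_pages": sorted(set(tracker.write_after_exec)),
        "trap_count": len(trapped),
        "unpacking_complete": unpacking_complete(start, now),
    }


# Constructed trace: the stub runs from page 0x401000, writes the decoded
# payload into page 0x402000 (never executed yet, so no trap), then patches
# its own already-executed page 0x401000 (trap), then executes the payload.
TRACE = [
    Event("exec", 0x401000),
    Event("exec", 0x401010),
    Event("write", 0x402000),
    Event("write", 0x402100),
    Event("write", 0x401020),   # write to a page that has already executed
    Event("exec", 0x402000),
]

# Constructed stack states: before unpacking starts, inside the stub (one
# extra return address pushed), and when the stub transfers control onward.
START = StackSnapshot(sp=0x7FFF0000, contents=(0xDEAD0001, 0x00000000))
AT_TRAP = StackSnapshot(sp=0x7FFEFFF8, contents=(0x401015, 0xDEAD0001, 0x00000000))
AT_OEP = StackSnapshot(sp=0x7FFF0000, contents=(0xDEAD0001, 0x00000000))


if __name__ == "__main__":
    print(analyse(TRACE, START, AT_TRAP))   # trap seen, stub still running
    print(analyse(TRACE, START, AT_OEP))    # stack restored: unpacking done
```

The trap in PageTracker fires only for a write to a page that has already executed, which is why the stub's writes into the not-yet-executed payload page pass silently; the stack comparison then distinguishes "a layer was written" from "the stub has finished", which is the point at which the abstract's final scanning step is triggered.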

EFFECT: detection of malicious program.

24 cl, 8 dwg

Similar patents RU2632163C2

Title (Year), Number; authors listed under each entry

GENERAL UNPACKING OF APPLICATIONS FOR DETECTING MALICIOUS PROGRAMS (2014), RU2658132C1
  • Gupta, Deepak

SYSTEM AND METHOD OF CREATING SOFTWARE DETECTION RECORDS (2012), RU2491615C1
  • Golovkin Maksim Jur'Evich

COMPUTER SECURITY SYSTEMS AND METHODS USING ASYNCHRONOUS INTROSPECTION EXCEPTIONS (2016), RU2703156C2
  • Lukaks Sandor
  • Sirb Kristyan-Bogdan
  • Lutas Andrej-Vlad

METHOD OF ASSOCIATING PREVIOUSLY UNKNOWN FILE WITH COLLECTION OF FILES DEPENDING ON DEGREE OF SIMILARITY (2009), RU2420791C1
  • Malanov Aleksej Vladimirovich

SYSTEM AND METHOD OF CHECKING EXECUTABLE CODE BEFORE EXECUTION THEREOF (2012), RU2510074C2
  • Pavljushchik Mikhail Aleksandrovich

COMPUTER SYSTEM AND METHOD FOR DETECTING MALWARE USING MACHINE LEARNING (2021), RU2802860C1
  • Dichiu Daniel
  • Dincu Andreea
  • Botarleanu Robert-Mihail
  • Zamfir Sorina N.
  • Bosinceanu Elena A.
  • Prejbeanu Razvan

SYSTEM AND METHOD OF DETECTING MALICIOUS CODE IN FILE (2016), RU2637997C1
  • Golovkin Maksim Yurevich
  • Monastyrskij Aleksej Vladimirovich
  • Pintijskij Vladislav Valerevich
  • Pavlyushchik Mikhail Aleksandrovich
  • Butuzov Vitalij Vladimirovich
  • Karasovskij Dmitrij Valerievich

SYSTEMS AND METHODS OF MONITORING MALWARE BEHAVIOR TO MULTIPLE OBJECTS OF SOFTWARE (2016), RU2683152C1
  • Khazhmasan George-Florin
  • Portase Radu-Maryan

SYSTEM AND METHOD TO COMPARE FILES BASED ON FUNCTIONALITY TEMPLATES (2009), RU2427890C2
  • Vasilenko Roman Sergeevich

SYSTEM AND METHODS FOR AUDITING A VIRTUAL MACHINE (2017), RU2691187C1
  • Lukacs Sandor
  • Lutas Andrei-Vlad
  • Anichitei Ionel C.

RU 2 632 163 C2

Authors

Gupta Dipak

Dates

Published: 2017-10-02

Filed: 2014-03-03