FIELD: information technology.
SUBSTANCE: determining by means of the calculation tool whether the file is composite; extracting the first set of attributes from the header of the composite file with the help of the calculation tool, if previously at the stage it was determined that the file is composite; selecting the second set of attributes from at least one directory of the composite file by the calculation tool if earlier at the stage it was determined that the file is composite; calculating using calculation tool a hash of composite file using at least the first and second set of features; recognizing by means of a comparison tool a composite file is malicious if the computed hash of the composite file is the same as the hash of malicious composite file; wherein the hash of a malicious composite file is stored in a hash database.
EFFECT: protecting the computing device from malicious programs by detecting a malicious composite file.
5 cl, 4 dwg
| Title | Year | Author | Number |
|---|---|---|---|
| METHOD OF COMPOSITE FILE ACCESS CONTROL | 2017 |
|
RU2659739C1 |
| METHOD FOR DETERMINING SIMILARITY OF COMPOSITE FILES | 2016 |
|
RU2628922C1 |
| SYSTEM AND METHOD OF FORMATION OF ANTI-VIRUS RECORDS USED TO DETECT MALICIOUS FILES ON USER'S COMPUTER | 2015 |
|
RU2617654C2 |
| SYSTEM AND METHOD FOR TWO-STAGE CLASSIFICATION OF FILES | 2018 |
|
RU2708356C1 |
| SYSTEM AND METHOD OF REDUCING NUMBER OF FALSE TRIGGERING OF CLASSIFICATION ALGORITHMS | 2018 |
|
RU2706883C1 |
| METHOD OF CREATING ANTIVIRUS RECORD WHEN DETECTING MALICIOUS CODE IN RANDOM-ACCESS MEMORY | 2015 |
|
RU2592383C1 |
| METHOD OF DETECTING MALICIOUS CODE IN RANDOM-ACCESS MEMORY | 2015 |
|
RU2589862C1 |
| METHOD FOR DETECTING MALICIOUS FILES BASED ON FILE FRAGMENTS | 2019 |
|
RU2747464C2 |
| METHOD FOR FASTER FULL ANTIVIRUS SCANNING OF FILES ON MOBILE DEVICE | 2019 |
|
RU2726878C1 |
| METHOD FOR SELECTIVE REPEATED ANTIVIRUS SCANNING OF FILES ON MOBILE DEVICE | 2019 |
|
RU2726877C1 |
