FIELD: information technology.
SUBSTANCE: the method of detecting malicious code in a file includes: executing, in a sandbox, a process launched from the file; intercepting the API function calls; sequentially recording the intercepted API function calls in a first log and saving a memory dump of the process to a dump database; repeating the preceding operations until an exit condition is met; detecting in the first log at least one signature of the first type from among the signatures of the first type; after a signature of the first type is detected, transferring at least one memory dump stored in the dump database to an emulator; during execution of the process in the emulator, sequentially entering records containing information about the API function calls in a second log; and detecting malicious code in the file if the second log contains at least one signature of the second type from the database of signatures of the second type.
EFFECT: improved detection of malicious code in a file compared with existing methods of detecting malicious code.
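The two-stage pipeline described in the abstract, as an added simulation that is not part of the patent or its applicant's code: a sandbox stage records intercepted API calls in a first log and saves memory dumps, a first-type signature in that log gates a second stage in which the saved dumps are run in an emulator and its second log is checked against second-type signatures. The sandbox and emulator here are hypothetical stand-ins that replay constructed traces (the dumps are byte strings that encode their own call list) rather than executing anything; the signature names, API sequences and traces are all constructed for illustration. Signatures are matched as ordered subsequences of the log, which generalises the "log contains a signature" check to patterns with unrelated calls interleaved.

```python
"""Two-stage detection pipeline modelled on the method in the abstract.

Hypothetical simulation: run_sandbox() and run_emulator() replay constructed
traces and byte strings; no process is executed and no real API is hooked.
"""
from dataclasses import dataclass
from typing import Iterable


@dataclass(frozen=True)
class Signature:
    """Ordered API-call pattern: calls must appear in this order, gaps allowed."""
    name: str
    sequence: tuple[str, ...]


def matches(sig: Signature, log: list[str]) -> bool:
    """True if every call of sig.sequence occurs in log, in order."""
    pos = 0
    for call in log:
        if pos < len(sig.sequence) and call == sig.sequence[pos]:
            pos += 1
    return pos == len(sig.sequence)


def find_signatures(sigs: Iterable[Signature], log: list[str]) -> list[str]:
    """Names of all signatures from a database that match the given log."""
    return [s.name for s in sigs if matches(s, log)]


# Constructed signature databases (names and sequences are illustrative only).
FIRST_TYPE = [  # sandbox-log behaviour that justifies running the dumps
    Signature("code_staging", ("VirtualAlloc", "VirtualProtect", "CreateThread")),
]
SECOND_TYPE = [  # emulator-log behaviour that is judged malicious
    Signature("persistence_drop", ("CreateFileW", "WriteFile", "RegSetValueExW")),
]

# One sandbox step = (API calls intercepted in the step, dump taken after them).
SandboxStep = tuple[list[str], bytes]


def run_sandbox(steps: Iterable[SandboxStep], max_steps: int = 100) -> tuple[list[str], list[bytes]]:
    """Stage one: fill the first log and the dump database until the exit
    condition is met (the process ends, i.e. the trace is exhausted, or the
    step budget runs out)."""
    first_log: list[str] = []
    dump_db: list[bytes] = []
    for i, (calls, dump) in enumerate(steps):
        if i >= max_steps:          # exit condition: step budget exhausted
            break
        first_log.extend(calls)     # consecutive recording of intercepted calls
        dump_db.append(dump)        # save the process memory dump
    return first_log, dump_db


def run_emulator(dump: bytes) -> list[str]:
    """Stage two stand-in: 'execute' a saved dump and return the calls it made.
    Constructed dumps encode their call trace as newline-separated API names."""
    return [line for line in dump.decode().splitlines() if line]


def detect(steps: Iterable[SandboxStep]) -> dict:
    """Run both stages; the emulator is only reached after a first-type hit."""
    first_log, dump_db = run_sandbox(steps)
    first_hits = find_signatures(FIRST_TYPE, first_log)
    result = {"first_type": first_hits, "second_type": [], "malicious": False}
    if not first_hits:
        return result               # nothing suspicious: dumps are never emulated
    second_log: list[str] = []
    for dump in dump_db:            # transfer every stored dump to the emulator
        second_log.extend(run_emulator(dump))
    result["second_type"] = find_signatures(SECOND_TYPE, second_log)
    result["malicious"] = bool(result["second_type"])
    return result


# Constructed traces covering the three outcomes the gating produces.
BENIGN = [(["CreateFileW", "ReadFile", "CloseHandle"], b"CreateFileW\nReadFile\n")]
STAGING_ONLY = [  # first-type hit, but the emulated dumps do nothing malicious
    (["VirtualAlloc", "VirtualProtect"], b""),
    (["CreateThread", "Sleep"], b"GetTickCount\nSleep\n"),
]
MALICIOUS = [     # first-type hit, and a dump exhibits a second-type signature
    (["VirtualAlloc", "VirtualProtect"], b""),
    (["CreateThread"], b"CreateFileW\nWriteFile\nRegSetValueExW\n"),
]

if __name__ == "__main__":
    for label, trace in (("benign", BENIGN), ("staging_only", STAGING_ONLY), ("malicious", MALICIOUS)):
        print(label, detect(trace))
```

The STAGING_ONLY trace is the case the second stage exists for: a first-type signature alone only triggers emulation of the dumps, and the verdict stays clean unless the emulator log also contains a second-type signature.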
54 cl, 4 dwg
Title | Year | Author | Number
---|---|---|---
SYSTEM AND METHOD OF CREATING ANTIVIRUS RECORD | 2018 | | RU2697954C2
SYSTEM AND METHOD FOR PERFORMING ANTI-VIRUS SCAN OF FILE ON VIRTUAL MACHINE | 2016 | | RU2628921C1
SYSTEM AND METHOD FOR IDENTIFYING MALICIOUS FILES | 2017 | | RU2673407C1
SYSTEM AND METHOD OF DETECTING THE SIGNS OF COMPUTER ATTACKS | 2017 | | RU2661533C1
EMULATOR AND METHOD FOR EMULATION | 2020 | | RU2757409C1
SYSTEM AND METHOD OF GENERATING LOG WHEN EXECUTING FILE WITH VULNERABILITIES IN VIRTUAL MACHINE | 2018 | | RU2724790C1
METHOD OF CREATING ANTIVIRUS RECORD WHEN DETECTING MALICIOUS CODE IN RANDOM-ACCESS MEMORY | 2015 | | RU2592383C1
METHOD FOR ADJUSTING THE PARAMETERS OF A MACHINE LEARNING MODEL IN ORDER TO IDENTIFY FALSE TRIGGERING AND INFORMATION SECURITY INCIDENTS | 2020 | | RU2763115C1
METHOD FOR PROCESSING INFORMATION SECURITY EVENTS PRIOR TO TRANSMISSION FOR ANALYSIS | 2020 | | RU2762528C1
METHOD OF DETECTING MALICIOUS CODE IN RANDOM-ACCESS MEMORY | 2015 | | RU2589862C1
Authors
Dates
Published: 2017-12-08
Filed: 2016-09-08