SYSTEM AND METHOD OF DETECTING MALICIOUS CODE IN FILE Russian patent published in 2017 - IPC G06F21/56 G06F21/53 G06F9/455 

Abstract RU 2637997 C1

FIELD: information technology.

SUBSTANCE: method of detecting a malicious code in a file includes: executing a process running from a file using a sandbox; intercepting the API-function calls; consecutive recording of intercepted API-function calls in the first log, saving the process memory dump to the dump database; repeating the previous operations until the exit condition is met; detecting, at least, one signature of the first type from among the signatures of the first type in the first log; after detecting the signature of the first type, transferring at least, one memory dump stored in the database of dumps to the emulator; during execution of the process in the emulator, sequential entering records containing information about the call of the API function in the second log; detecting a malicious code in a file, if the second log contains, at least, one signature of the second type from the signature database of the second type.

EFFECT: improving the detection of a malicious code in a file in comparison with existing methods for detecting a malicious code.

54 cl, 4 dwg

Similar patents RU2637997C1

Title Year Author Number
SYSTEM AND METHOD OF CREATING ANTIVIRUS RECORD 2018
  • Gordejchik Sergej Vladimirovich
  • Soldatov Sergej Vladimirovich
  • Sapronov Konstantin Vladimirovich
RU2697954C2
SYSTEM AND METHOD FOR PERFORMING ANTI-VIRUS SCAN OF FILE ON VIRTUAL MACHINE 2016
  • Monastyrskij Aleksej Vladimirovich
  • Butuzov Vitalij Vladimirovich
  • Golovkin Maksim Yurevich
  • Karasovskij Dmitrij Valerievich
  • Pintijskij Vladislav Valerevich
  • Kobychev Denis Yurevich
RU2628921C1
SYSTEM AND METHOD FOR IDENTIFYING MALICIOUS FILES 2017
  • Gordejchik Sergej Vladimirovich
  • Soldatov Sergej Vladimirovich
  • Sapronov Konstantin Vladimirovich
RU2673407C1
SYSTEM AND METHOD OF DETECTING THE SIGNS OF COMPUTER ATTACKS 2017
  • Gordejchik Sergej Vladimirovich
  • Sapronov Konstantin Vladimirovich
  • Parshin Yurij Gennadevich
  • Kheirkhabarov Tejmur Samedovich
  • Soldatov Sergej Vladimirovich
RU2661533C1
EMULATOR AND METHOD FOR EMULATION 2020
  • Pintijskij Vladislav Valerevich
  • Anikin Denis Vyacheslavovich
  • Kirsanov Dmitrij Aleksandrovich
  • Trofimenko Sergej Vladimirovich
RU2757409C1
SYSTEM AND METHOD OF GENERATING LOG WHEN EXECUTING FILE WITH VULNERABILITIES IN VIRTUAL MACHINE 2018
  • Monastyrskij Aleksej Vladimirovich
  • Pavlyushchik Mikhail Aleksandrovich
  • Pintijskij Vladislav Valerevich
  • Anikin Denis Vyacheslavovich
  • Kirsanov Dmitrij Aleksandrovich
RU2724790C1
METHOD OF CREATING ANTIVIRUS RECORD WHEN DETECTING MALICIOUS CODE IN RANDOM-ACCESS MEMORY 2015
  • Pavlyushshik Mikhail Aleksandrovich
  • Monastyrskij Aleksej Vladimirovich
  • Nazarov Denis Aleksandrovich
RU2592383C1
METHOD FOR ADJUSTING THE PARAMETERS OF A MACHINE LEARNING MODEL IN ORDER TO IDENTIFY FALSE TRIGGERING AND INFORMATION SECURITY INCIDENTS 2020
  • Filonov Pavel Vladimirovich
  • Soldatov Sergej Vladimirovich
  • Udimov Daniil Alekseevich
RU2763115C1
METHOD FOR PROCESSING INFORMATION SECURITY EVENTS PRIOR TO TRANSMISSION FOR ANALYSIS 2020
  • Filonov Pavel Vladimirovich
  • Soldatov Sergej Vladimirovich
  • Udimov Daniil Alekseevich
RU2762528C1
METHOD OF DETECTING MALICIOUS CODE IN RANDOM-ACCESS MEMORY 2015
  • Pavlyushshik Mikhail Aleksandrovich
  • Monastyrskij Aleksej Vladimirovich
  • Nazarov Denis Aleksandrovich
RU2589862C1

RU 2 637 997 C1

Authors

Golovkin Maksim Yurevich

Monastyrskij Aleksej Vladimirovich

Pintijskij Vladislav Valerevich

Pavlyushchik Mikhail Aleksandrovich

Butuzov Vitalij Vladimirovich

Karasovskij Dmitrij Valerievich

Dates

2017-12-08Published

2016-09-08Filed