SYSTEM AND METHOD OF DETECTING MALICIOUS CODE IN FILE Russian patent published in 2017 - IPC G06F21/56 G06F21/53 G06F9/455 

FIELD: information technology.

SUBSTANCE: method of detecting a malicious code in a file includes: executing a process running from a file using a sandbox; intercepting the API-function calls; consecutive recording of intercepted API-function calls in the first log, saving the process memory dump to the dump database; repeating the previous operations until the exit condition is met; detecting, at least, one signature of the first type from among the signatures of the first type in the first log; after detecting the signature of the first type, transferring at least, one memory dump stored in the database of dumps to the emulator; during execution of the process in the emulator, sequential entering records containing information about the call of the API function in the second log; detecting a malicious code in a file, if the second log contains, at least, one signature of the second type from the signature database of the second type.

EFFECT: improving the detection of a malicious code in a file in comparison with existing methods for detecting a malicious code.

54 cl, 4 dwg