GENERAL UNPACKING OF APPLICATIONS FOR DETECTING MALICIOUS PROGRAMS Russian patent published in 2018 - IPC G06F21/56 

Abstract RU 2658132 C1

FIELD: information technology.

SUBSTANCE: the invention relates to means for detecting malicious programs in an executable module. A method of unpacking a self-extracting executable module to detect a malicious program comprises: loading the self-extracting executable module into memory, the module containing a first unpacking stub and a packed executable module; allowing the first unpacking stub to unpack the packed executable module into an unpacked executable module; detecting an attempt to write to a memory page from which code was previously executed, by controlling access permissions to memory pages using hardware-assisted virtualization; detecting completion of the first unpacking stub using one or more heuristics; and scanning the unpacked executable module to detect a malicious program. The one or more heuristics include determining whether the write to a memory page that raises the page-write exception is a write to the last page of a section of memory pages.

EFFECT: controlled unpacking of a packed application is provided regardless of whether the unpacking algorithm is known.

25 claims, 8 drawings
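The abstract describes a page-level state machine: the hypervisor withdraws write permission from every guest page that has executed, a later write to such a page traps, and the trap is the point at which the "stub finished" heuristic (write to the last page of a section) is evaluated before the unpacked image is scanned. The following model is an added example and not code from the patent or its applicant. A scripted "guest" issues execute/write accesses, a Tracker plays the hypervisor with a per-page permission set standing in for the EPT entry, and the section layout, the access trace and the scan signature are all constructed for the example (names such as Tracker, last_page_of_section and Constructed.Marker are assumptions, not the patent's own identifiers).

```python
"""
Model of the hardware-assisted page tracking in the abstract. Added example,
not code from the patent: a scripted guest issues execute/write accesses, the
Tracker plays the hypervisor (per-page permission sets stand in for EPT
entries), and a write to a page that has executed is the page-write exception
on which the completion heuristic runs. Layout, trace and signature are
constructed.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Set

PAGE_SIZE = 0x1000


def page_of(addr: int) -> int:
    return addr // PAGE_SIZE


@dataclass(frozen=True)
class Section:
    name: str
    start: int  # page-aligned virtual address
    size: int   # bytes

    @property
    def last_page(self) -> int:
        return page_of(self.start + self.size - 1)

    def contains(self, page: int) -> bool:
        return page_of(self.start) <= page <= self.last_page


# A heuristic sees the faulting page and its section; it returns a reason once the stub is done.
Heuristic = Callable[[int, Optional[Section]], Optional[str]]


def last_page_of_section(page: int, section: Optional[Section]) -> Optional[str]:
    """The heuristic the abstract names: the faulting write lands on the last page of a section."""
    if section is not None and page == section.last_page:
        return f"write to last page of {section.name}"
    return None


@dataclass
class Tracker:
    sections: List[Section]
    heuristics: List[Heuristic] = field(default_factory=lambda: [last_page_of_section])
    perms: Dict[int, Set[str]] = field(default_factory=dict)  # modelled EPT permissions per page
    memory: Dict[int, int] = field(default_factory=dict)      # guest memory, one entry per byte
    exceptions: List[int] = field(default_factory=list)       # pages whose write raised an exception
    done_reason: Optional[str] = None

    def __post_init__(self) -> None:
        for s in self.sections:  # freshly loaded image: every page readable, writable, executable
            for p in range(page_of(s.start), s.last_page + 1):
                self.perms[p] = {"r", "w", "x"}

    def section_for(self, page: int) -> Optional[Section]:
        return next((s for s in self.sections if s.contains(page)), None)

    def execute(self, addr: int) -> None:
        """Guest runs code at addr: withdraw W from that page so any later write to it traps."""
        self.perms.setdefault(page_of(addr), {"r", "x"}).discard("w")

    def write(self, addr: int, data: bytes) -> bool:
        """Guest writes data at addr (kept inside one page). Returns True once the stub is judged finished."""
        if self.done_reason is not None:
            return True
        page = page_of(addr)
        if "w" not in self.perms.get(page, set()):
            self.exceptions.append(page)  # write to an executed page: EPT violation, VM exit to the tracker
            section = self.section_for(page)
            for heuristic in self.heuristics:
                reason = heuristic(page, section)
                if reason is not None:
                    self.done_reason = reason
                    return True
            # Not finished: let the write through and resume (a real monitor single-steps and re-arms W).
        for i, b in enumerate(data):
            self.memory[addr + i] = b
        return False

    def image(self, section: Section) -> bytes:
        """Dump a section as the scanner sees it after unpacking."""
        return bytes(self.memory.get(a, 0) for a in range(section.start, section.start + section.size))


def scan(image: bytes, signatures: Dict[str, bytes]) -> List[str]:
    """Plain byte-signature scan over the dumped image (the scanning step of the abstract)."""
    return sorted(name for name, sig in signatures.items() if sig in image)


# Constructed sample: the stub sits on the last page of .text and unpacks the image into .text
# from the bottom up, so its final write hits a page that has already executed.
TEXT = Section(".text", 0x401000, 0x3000)
RSRC = Section(".rsrc", 0x404000, 0x1000)
SIGNATURES = {"Constructed.Marker": b"CONSTRUCTED-MALICIOUS-MARKER"}  # hypothetical signature


def run_sample() -> dict:
    tracker = Tracker([TEXT, RSRC])
    tracker.execute(0x403F00)  # entry point: stub code on the last page of .text
    payload = SIGNATURES["Constructed.Marker"].ljust(0x100, b"\x90")
    finished = [tracker.write(0x401000, payload),            # never-executed page: no trap
                tracker.write(0x402000, b"\xcc" * 0x100),    # never-executed page: no trap
                tracker.write(0x403000, b"\xc3" * 0x100)]    # executed page and last page of .text
    hits = scan(tracker.image(TEXT), SIGNATURES) if tracker.done_reason else []
    return {"finished": finished, "reason": tracker.done_reason,
            "exceptions": [hex(p) for p in tracker.exceptions], "hits": hits}


def run_self_patching_stub() -> dict:
    """Negative case: a stub patching its own first page trips the exception but not the heuristic."""
    tracker = Tracker([TEXT, RSRC])
    tracker.execute(0x401000)
    finished = tracker.write(0x401010, b"\xeb\xfe")
    return {"finished": finished, "reason": tracker.done_reason,
            "exceptions": [hex(p) for p in tracker.exceptions]}


if __name__ == "__main__":
    print(run_sample())
    print(run_self_patching_stub())
```

The negative case is the caveat a practitioner would want: a self-modifying stub also writes to an executed page, so the exception alone is not a completion signal; only the heuristic decides, and any further heuristics the patent's claims allow can be appended to Tracker.heuristics without touching the trap logic.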

Similar patents to RU2658132C1

Title (Year) - Number, followed by authors:

GENERAL UNPACKING OF APPLICATIONS FOR DETECTING MALICIOUS PROGRAMS (2014) - RU2632163C2
  • Gupta Dipak
COMPUTER SECURITY SYSTEMS AND METHODS USING ASYNCHRONOUS INTROSPECTION EXCEPTIONS (2016) - RU2703156C2
  • Lukaks Sandor
  • Sirb Kristyan-Bogdan
  • Lutas Andrej-Vlad
SYSTEM AND METHOD OF CREATING SOFTWARE DETECTION RECORDS (2012) - RU2491615C1
  • Golovkin Maksim Jur'Evich
METHOD OF ASSOCIATING PREVIOUSLY UNKNOWN FILE WITH COLLECTION OF FILES DEPENDING ON DEGREE OF SIMILARITY (2009) - RU2420791C1
  • Malanov Aleksej Vladimirovich
SYSTEMS AND METHODS OF MONITORING MALWARE BEHAVIOR TO MULTIPLE OBJECTS OF SOFTWARE (2016) - RU2683152C1
  • Khazhmasan George-Florin
  • Portase Radu-Maryan
SYSTEM AND METHOD TO COMPARE FILES BASED ON FUNCTIONALITY TEMPLATES (2009) - RU2427890C2
  • Vasilenko Roman Sergeevich
SYSTEM AND METHOD OF CHECKING EXECUTABLE CODE BEFORE EXECUTION THEREOF (2012) - RU2510074C2
  • Pavljushchik Mikhail Aleksandrovich
METHOD OF DETECTING MALWARE IN OPERATING SYSTEM KERNEL (2012) - RU2510075C2
  • Tumojan Evgenij Petrovich
  • Ol'Shanov Konstantin Dmitrievich
  • Cherementsev Sergej Nikolaevich
SYSTEM AND METHOD OF DETECTING MALICIOUS CODE IN FILE (2016) - RU2637997C1
  • Golovkin Maksim Yurevich
  • Monastyrskij Aleksej Vladimirovich
  • Pintijskij Vladislav Valerevich
  • Pavlyushchik Mikhail Aleksandrovich
  • Butuzov Vitalij Vladimirovich
  • Karasovskij Dmitrij Valerievich
FUZZY WHITELISTING ANTI-MALWARE SYSTEMS AND METHODS (2012) - RU2607231C2
  • Tofan I. Vlad
  • Dudya V. Sorin
  • Kanzha D. Vorel

RU 2 658 132 C1

Authors

Gupta, Deepak

Dates

Published: 2018-06-19

Filed: 2014-03-03