SYSTEM AND METHOD OF DETECTING MALICIOUS SCRIPT

Russian patent published in 2018 - IPC G06F21/55 G06F21/57 G06F12/14

Abstract RU 2659738 C1

FIELD: information technology.

SUBSTANCE: the invention relates to the field of information security, namely to the detection of a malicious script. The method for detecting a malicious script is performed by a computer system and comprises: detecting that a process has been started from the trusted executable file of a scripting interpreter; detecting an access by the process to a suspicious memory address; analyzing the memory area in the address space of the process in the vicinity of the suspicious memory address; during the analysis, detecting in the address space of the process an image of an executable file loaded from another file; detecting malicious code in the address space of the process by analyzing the detected image of the executable file loaded from another file; and recognizing as malicious the script whose instructions were executed by the scripting interpreter before the malicious code was detected in the address space of the process started from the trusted executable file of the scripting interpreter.

EFFECT: wider range of technical means for detecting a malicious script.

5 cl, 3 dwg

Similar patents RU2659738C1

Title Year Author Number
SYSTEM AND METHOD OF DETECTING THE HARMFUL CODE IN THE ADDRESS PROCESS SPACE 2017
  • Pavlyushchik Mikhail Aleksandrovich
RU2665910C1
METHOD OF DETECTING SUSPICIOUS ACTIVITY ASSOCIATED WITH USING COMMAND LINE INTERPRETER 2023
  • Ovcharik Vladislav Ivanovich
  • Shulmin Aleksei Sergeevich
RU2817556C1
SYSTEM AND METHOD OF ASSESSMENT OF HARMFULNESS OF CODE EXECUTED IN ADDRESSING SPACE OF CONFIDENTIAL PROCESS 2013
  • Pavljushchik Mikhail Aleksandrovich
RU2531861C1
EMULATOR AND METHOD FOR EMULATION 2020
  • Pintijskij Vladislav Valerevich
  • Anikin Denis Vyacheslavovich
  • Kirsanov Dmitrij Aleksandrovich
  • Trofimenko Sergej Vladimirovich
RU2757409C1
METHOD OF CREATING ANTIVIRUS RECORD WHEN DETECTING MALICIOUS CODE IN RANDOM-ACCESS MEMORY 2015
  • Pavlyushshik Mikhail Aleksandrovich
  • Monastyrskij Aleksej Vladimirovich
  • Nazarov Denis Aleksandrovich
RU2592383C1
METHOD OF DETECTING MALICIOUS CODE IN RANDOM-ACCESS MEMORY 2015
  • Pavlyushshik Mikhail Aleksandrovich
  • Monastyrskij Aleksej Vladimirovich
  • Nazarov Denis Aleksandrovich
RU2589862C1
METHOD OF DETECTING MALICIOUS EXECUTABLES, CONTAINING INTERPRETER, BY COMBINING EMULATORS 2015
  • Zakorzhevskij Vyacheslav Vladimirovich
  • Vinogradov Dmitrij Valerevich
  • Pintijskij Vladislav Valerevich
  • Kirsanov Dmitrij Aleksandrovich
RU2622627C2
SYSTEM AND METHOD OF REDUCING LOAD ON OPERATING SYSTEM WHEN EXECUTING ANTIVIRUS APPLICATION 2013
  • Sobko Andrej Vladimirovich
  • Judin Maksim Vital'Evich
  • Mezhuev Pavel Nikolaevich
  • Godunov Il'Ja Borisovich
  • Shirokij Maksim Aleksandrovich
RU2571723C2
METHOD FOR EXCLUDING PROCESSES OF ANTIVIRUS SCANNING ON THE BASIS OF DATA ON FILE 2015
  • Levchenko Vyacheslav Ivanovich
  • Yudin Maksim Vitalevich
RU2595510C1
SYSTEM AND METHOD FOR CATEGORIZATION OF .NET APPLICATIONS 2018
  • Kuskov Vladimir Anatolevich
  • Anikin Denis Vyacheslavovich
  • Kirsanov Dmitrij Aleksandrovich
RU2756186C2

RU 2 659 738 C1

Authors

Pavlyushchik Mikhail Aleksandrovich

Dates

2018-07-03 Published

2017-09-29 Filed