FIELD: information technology.
SUBSTANCE: the invention relates to information security. A method for detecting malicious code in the address space of a process, performed by a computer system, in which:
a) an interception tool detects the start of a process from a trusted executable file, an image of that executable file being present in the process's address space;
b) the interception tool detects a call, made during execution of the process, to a suspicious memory address; a memory address is suspicious if it belongs to a suspicious memory area in the address space of the process, and a suspicious memory area of a process started from an executable file is an area that lies outside the image of that executable file in the address space and is at the same time an executable memory area;
c) a security tool analyzes the memory area in the address space of the process in the vicinity of the suspicious memory address and, during that analysis, finds in the process's address space an image of an executable file loaded from another file;
d) the security tool detects malicious code in the address space of the process by analyzing the detected image of the executable file loaded from another file, the analysis being performed using malicious code signatures.
EFFECT: the technical result is the detection of malicious code in the address space of the process.
6 claims, 3 drawings
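As an added illustration (not part of the patent text), the following Python sketch models steps b) to d) over a constructed memory map: the trusted image, a writable data region, and a private executable region that holds a page-aligned PE-shaped blob. The file path, the signature and the memory layout are all made-up sample values.

```python
import struct
from dataclasses import dataclass
from typing import Dict, List, Optional

@dataclass
class Region:
    base: int
    size: int
    executable: bool
    mapped_file: Optional[str]  # backing file path; None for private (anonymous) memory
    data: bytes = b""           # contents, supplied only for the region we inspect

def region_of(addr: int, regions: List[Region]) -> Optional[Region]:
    return next((r for r in regions if r.base <= addr < r.base + r.size), None)

def is_suspicious(addr: int, regions: List[Region], image_path: str) -> bool:
    # Step b: executable memory that is not the image of the trusted file the process started from.
    r = region_of(addr, regions)
    return r is not None and r.executable and r.mapped_file != image_path

def find_foreign_image(addr: int, regions: List[Region]) -> Optional[bytes]:
    # Step c: walk the containing region page by page for an "MZ" stub whose e_lfanew (offset 0x3C) points at "PE\0\0".
    region = region_of(addr, regions)
    data = region.data if region else b""
    for off in range(0, len(data), 0x1000):
        if len(data) - off < 0x40 or data[off:off + 2] != b"MZ":
            continue
        e_lfanew = struct.unpack_from("<I", data, off + 0x3C)[0]
        if data[off + e_lfanew:off + e_lfanew + 4] == b"PE\0\0":
            return data[off:]  # image of an executable loaded from somewhere other than the trusted file
    return None

def detect(addr: int, regions: List[Region], image_path: str, signatures: Dict[str, bytes]) -> List[str]:
    # Steps b-d chained: names of the byte-pattern signatures matched in the foreign image.
    if not is_suspicious(addr, regions, image_path):
        return []
    image = find_foreign_image(addr, regions)
    return [name for name, pat in signatures.items() if image and pat in image]

def build_fake_pe(payload: bytes) -> bytes:
    # Constructed minimal PE-shaped blob: "MZ", e_lfanew = 0x40, "PE\0\0", then payload.
    hdr = bytearray(0x80)
    hdr[0:2], hdr[0x40:0x44] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", hdr, 0x3C, 0x40)
    return bytes(hdr) + payload

TRUSTED = r"C:\placeholder\trusted.exe"                 # placeholder path, not from the patent
SIGNATURES = {"Test.Pattern.A": b"\xde\xad\xbe\xef"}   # constructed signature, not a real one
INJECTED = b"\x90" * 0x1000 + build_fake_pe(b"\xde\xad\xbe\xef")  # foreign image one page into the region
REGIONS = [Region(0x400000, 0x10000, True, TRUSTED), Region(0x600000, 0x10000, False, None),
           Region(0x20000000, len(INJECTED), True, None, INJECTED)]
```

A call into the trusted image or into the writable data region yields no detection; a call into the private executable region locates the foreign header and matches the sample signature.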
| Title | Year | Author | Number |
|---|---|---|---|
| SYSTEM AND METHOD OF DETECTING MALICIOUS SCRIPT | 2017 | | RU2659738C1 |
| METHOD OF DETECTING SUSPICIOUS ACTIVITY ASSOCIATED WITH USING COMMAND LINE INTERPRETER | 2023 | | RU2817556C1 |
| SYSTEM AND METHOD OF ASSESSMENT OF HARMFULNESS OF CODE EXECUTED IN ADDRESSING SPACE OF CONFIDENTIAL PROCESS | 2013 | | RU2531861C1 |
| EMULATOR AND METHOD FOR EMULATION | 2020 | | RU2757409C1 |
| METHOD OF CREATING ANTIVIRUS RECORD WHEN DETECTING MALICIOUS CODE IN RANDOM-ACCESS MEMORY | 2015 | | RU2592383C1 |
| METHOD OF DETECTING MALICIOUS CODE IN RANDOM-ACCESS MEMORY | 2015 | | RU2589862C1 |
| METHOD OF DETECTING MALICIOUS EXECUTABLES, CONTAINING INTERPRETER, BY COMBINING EMULATORS | 2015 | | RU2622627C2 |
| SYSTEM AND METHOD OF REDUCING LOAD ON OPERATING SYSTEM WHEN EXECUTING ANTIVIRUS APPLICATION | 2013 | | RU2571723C2 |
| METHOD FOR EXCLUDING PROCESSES OF ANTIVIRUS SCANNING ON THE BASIS OF DATA ON FILE | 2015 | | RU2595510C1 |
| SYSTEM AND METHOD FOR CATEGORIZATION OF .NET APPLICATIONS | 2018 | | RU2756186C2 |
Dates
Filed: 2017-09-29
Published: 2018-09-04