Show metadata Hide metadata

(19)

(11)

2 724 790

(13)

(51)

IPC

G06F21/53(2013-01-01)

G06F21/55(2013-01-01)

(21) (22)

Application

2018147237, 2018-12-28

(24)

Start date

2018-12-28

(22)

Actual filing date

2018-12-28

(45)

Published

2020-06-25

(72)

Inventor

Monastyrskij Aleksej VladimirovichPavlyushchik Mikhail AleksandrovichPintijskij Vladislav ValerevichAnikin Denis VyacheslavovichKirsanov Dmitrij Aleksandrovich

(73)

Holder

Aktsionernoe Obshchestvo Kasperskogo"

SYSTEM AND METHOD OF GENERATING LOG WHEN EXECUTING FILE WITH VULNERABILITIES IN VIRTUAL MACHINE Russian patent published in 2020 - IPC G06F21/53 G06F21/55

Abstract RU 2724790 C1

FIELD: physics.

SUBSTANCE: invention relates to a method of generating a log when executing a file with vulnerabilities. Method comprises steps of: detecting, by an interception means during execution of a process stream created when opening said file, an event, at occurrence of which triggers a flip-flop describing conditions associated with an event associated with an attempt to exploit a malicious application of said file; method includes analysing, by an interception means, a stack of a process created when opening said file, detecting a sequence of calls of functions preceding an event on which a trigger has triggered; method includes analysing, by an intercepting means, a detected sequence of function calls for performing associated triggering conditions; in case of accompanying triggering conditions related to attempt to exploit said file vulnerability by malware, data on detected sequence of function calls are stored in log for subsequent analysis by means of analysis in order to detect availability of malicious application in virtual machine.

EFFECT: technical result is higher accuracy of detecting presence in a virtual machine of a malicious application exploiting a security file vulnerability.

14 cl, 4 dwg

Similar patents RU2724790C1

Title	Year	Author	Number
SYSTEM AND METHOD OF FILE ANALYSIS FOR MALICIOUSNESS IN VIRTUAL MACHINE	2017	Pintijskij Vladislav Valerevich Anikin Denis Vyacheslavovich Kobychev Denis Yurevich Golovkin Maksim Yurevich Butuzov Vitalij Vladimirovich Karasovskij Dmitrij Valerievich Kirsanov Dmitrij Aleksandrovich	RU2665911C2
SYSTEM AND METHOD FOR LOG FORMING IN VIRTUAL MACHINE FOR ANTI-VIRUS FILE CHECKING	2017	Pintijskij Vladislav Valerevich Anikin Denis Vyacheslavovich Kobychev Denis Yurevich Golovkin Maksim Yurevich Butuzov Vitalij Vladimirovich Karasovskij Dmitrij Valerievich Kirsanov Dmitrij Aleksandrovich	RU2649794C1
SYSTEM AND METHOD OF DETECTING MALICIOUS CODE IN FILE	2016	Golovkin Maksim Yurevich Monastyrskij Aleksej Vladimirovich Pintijskij Vladislav Valerevich Pavlyushchik Mikhail Aleksandrovich Butuzov Vitalij Vladimirovich Karasovskij Dmitrij Valerievich	RU2637997C1
METHOD OF DETECTING MALICIOUS FILES THAT COUNTERACT ANALYSIS IN ISOLATED ENVIRONMENT	2018	Karasovskij Dmitrij Valerievich Shulmin Aleksej Sergeevich Kobychev Denis Yurevich	RU2708355C1
SYSTEM AND METHOD FOR PERFORMING ANTI-VIRUS SCAN OF FILE ON VIRTUAL MACHINE	2016	Monastyrskij Aleksej Vladimirovich Butuzov Vitalij Vladimirovich Golovkin Maksim Yurevich Karasovskij Dmitrij Valerievich Pintijskij Vladislav Valerevich Kobychev Denis Yurevich	RU2628921C1
METHOD FOR EXCLUDING PROCESSES OF ANTIVIRUS SCANNING ON THE BASIS OF DATA ON FILE	2015	Levchenko Vyacheslav Ivanovich Yudin Maksim Vitalevich	RU2595510C1
SYSTEM AND METHOD OF CREATING ANTIVIRUS RECORD	2018	Gordejchik Sergej Vladimirovich Soldatov Sergej Vladimirovich Sapronov Konstantin Vladimirovich	RU2697954C2
METHOD OF DETECTING MALICIOUS EXECUTABLES, CONTAINING INTERPRETER, BY COMBINING EMULATORS	2015	Zakorzhevskij Vyacheslav Vladimirovich Vinogradov Dmitrij Valerevich Pintijskij Vladislav Valerevich Kirsanov Dmitrij Aleksandrovich	RU2622627C2
SYSTEM AND METHOD FOR CATEGORIZATION OF .NET APPLICATIONS	2018	Kuskov Vladimir Anatolevich Anikin Denis Vyacheslavovich Kirsanov Dmitrij Aleksandrovich	RU2756186C2
METHOD OF DETECTION OF A MALICIOUS FILE USING THE DATABASE OF VULNERABLE DRIVERS	2022	Lopatin Evgenii Igorevich Kondratev Dmitrii Andreevich	RU2794713C1

RU 2 724 790 C1

Authors

Monastyrskij Aleksej Vladimirovich

Pavlyushchik Mikhail Aleksandrovich

Pintijskij Vladislav Valerevich

Anikin Denis Vyacheslavovich

Kirsanov Dmitrij Aleksandrovich

Dates

2020-06-25—Published

2018-12-28—Filed