Show metadata Hide metadata

(19)

(11)

2 757 409

(13)

(51)

IPC

G06F21/56(2013-01-01)

G06F9/455(2006-01-01)

(21) (22)

Application

2020120434, 2020-06-19

(24)

Start date

2020-06-19

(22)

Actual filing date

2020-06-19

(45)

Published

2021-10-15

(72)

Inventor

Pintijskij Vladislav ValerevichAnikin Denis VyacheslavovichKirsanov Dmitrij AleksandrovichTrofimenko Sergej Vladimirovich

(73)

Holder

Aktsionernoe Obshchestvo Kasperskogo"

EMULATOR AND METHOD FOR EMULATION Russian patent published in 2021 - IPC G06F21/56 G06F9/455

Abstract RU 2757409 C1

FIELD: information security.

SUBSTANCE: apparatus comprises an emulation tool intended for emulating execution of the instructions of a file on the virtual processor of the emulator; suspending the emulation of execution of the instructions on an API function call; confirming the presence of the API function in the set of updated modules; emulating the execution of said API function following the instructions according to the implementation from the corresponding updated module if the API function is found; transferring control to the execution tool if the API function is not found in the set of updated modules; continuing the emulation of execution of the instructions of the file from the instruction on the return address of the API function using the result of execution of the API function; a set of updated modules stored in the memory consisting of at least one updated module, wherein each updated module from said set comprises an implementation of at least one API function; an execution tool intended for forming the result of execution of said API function according to the implementation of the API function stored in the execution tool or created by the execution tool and further transferring the result of execution of the API function to the emulation tool.

EFFECT: increase in the accuracy of emulation of the instructions of a file, increase in the level of detection of malicious code, reduction in the time of response to new threats.

20 cl, 6 dwg

Similar patents RU2757409C1

Title	Year	Author	Number
METHOD OF DETECTING MALICIOUS EXECUTABLES, CONTAINING INTERPRETER, BY COMBINING EMULATORS	2015	Zakorzhevskij Vyacheslav Vladimirovich Vinogradov Dmitrij Valerevich Pintijskij Vladislav Valerevich Kirsanov Dmitrij Aleksandrovich	RU2622627C2
METHOD OF EMULATING SYSTEM FUNCTION CALLS FOR EVADING EMULATION COUNTERMEASURES	2012	Belov Sergej Jur'Evich	RU2514141C1
METHOD FOR ENHANCEMENT OF OPERATIONAL EFFICIENCY OF HARDWARE ACCELERATION OF APPLICATION EMULATION	2012	Belov Sergej Jur'Evich	RU2514142C1
SYSTEM AND METHOD OF STORAGE OF EMULATOR STATE AND ITS FURTHER RECOVERY	2013	Pintijskij Vladislav Valer'Evich Belov Sergej Jur'Evich	RU2553056C2
SYSTEM AND METHOD FOR AUTOMATIC PROCESSING OF SOFTWARE SYSTEM ERRORS	2012	Antukh Aleksandr Ehduardovich Malanov Aleksej Vladimirovich	RU2521265C2
SYSTEM AND METHOD OF DETECTING MALICIOUS CODE IN FILE	2016	Golovkin Maksim Yurevich Monastyrskij Aleksej Vladimirovich Pintijskij Vladislav Valerevich Pavlyushchik Mikhail Aleksandrovich Butuzov Vitalij Vladimirovich Karasovskij Dmitrij Valerievich	RU2637997C1
METHOD FOR FILE EXECUTION EMULATION	2017	Liskin Aleksandr Viktorovich Krylov Vladimir Vladimirovich	RU2659734C1
SYSTEM AND METHOD OF GENERATING LOG WHEN EXECUTING FILE WITH VULNERABILITIES IN VIRTUAL MACHINE	2018	Monastyrskij Aleksej Vladimirovich Pavlyushchik Mikhail Aleksandrovich Pintijskij Vladislav Valerevich Anikin Denis Vyacheslavovich Kirsanov Dmitrij Aleksandrovich	RU2724790C1
METHOD OF DETECTING UNKNOWN PROGRAMS BY LOAD PROCESS EMULATION	2011	Parshin Jurij Gennad'Evich Pintijskij Vladislav Valer'Evich	RU2472215C1
METHOD FOR EMULATING THE EXECUTION OF FILES COMPRISING INSTRUCTIONS, DIFFERENT FROM MACHINE INSTRUCTIONS	2017	Liskin Aleksandr Viktorovich Krylov Vladimir Vladimirovich	RU2659742C1

RU 2 757 409 C1

Authors

Pintijskij Vladislav Valerevich

Anikin Denis Vyacheslavovich

Kirsanov Dmitrij Aleksandrovich

Trofimenko Sergej Vladimirovich

Dates

2021-10-15—Published

2020-06-19—Filed