-
Publication No.: US20210019408A1
Publication Date: 2021-01-21
Application No.: US16513639
Application Date: 2019-07-16
Applicant: Avast Software s.r.o.
Inventor: Nikolaos Chrysaidos
Abstract: A malware analysis system is operable to select a family of related malware for evaluation from a database of observed malware. The system extracts static and dynamic features of the malware samples from the selected malware family in the database, and an observation time of each of the malware samples from the selected malware family. The system then creates a visualization illustrating change in at least one of static and dynamic features of the selected malware family over time. The system extracts a geographic location of a command and control server associated with malware samples if present, and the created visualization further illustrates the geographic areas in which the malware was found. The system illustrates a group of malware detections as an object having characteristics indicating one or more of the features in the clustered malware detections, and/or the number of features that vary between the clustered malware detections.
-
Publication No.: US20180268129A1
Publication Date: 2018-09-20
Application No.: US15918874
Application Date: 2018-03-12
Applicant: Avast Software s.r.o.
Inventor: Nikolaos Chrysaidos
IPC: G06F21/52
CPC classification number: G06F21/52, G06F21/554, G06F21/84, G06F2221/031, G06F2221/2151
Abstract: Systems and methods detect suspicious application overlays on a device. An overlay detection unit can detect if a first foreground application has been replaced, within a threshold amount of time, by a second foreground application. If the replacement time is below a threshold amount of time, a suspicious overlay detection can be triggered to alert the user to a possible phishing attempt by the second foreground application.
-