-
公开(公告)号:US10521588B1
公开(公告)日:2019-12-31
申请号:US15690591
申请日:2017-08-30
发明人: Qiang Huang , Hu Cao , Jun Wu
摘要: A sample program being evaluated for malware is scanned for presence of a critical code block. A path guide is generated for the sample program, with the path guide containing information on executing the sample program so that an execution path that leads to the critical code block is taken at runtime of the sample program. The path guide is applied to the sample program during dynamic analysis of the sample program so that behavior of the sample program during execution to the critical code block can be observed. This advantageously allows for detection of malicious samples, allowing for a response action to be taken against them.
-
2.发明授权公开(公告)号:US10460108B1
公开(公告)日:2019-10-29
申请号:US15678993
申请日:2017-08-16
发明人: Qiang Huang , Ben Huang , Kai Yu
摘要: The present disclosure provides an automated technique to detect and rectify input-dependent evasion code in a generic manner during runtime. Pattern-based detection is used to detect the evasion code and trigger an identification process. The identification process marks the evasion code and rectifies the execution flow to a more “significant” path. The execution then moves on by following this path to bypass the evasion code. Other embodiments, aspects and features are also disclosed.
-
公开(公告)号:US09817974B1
公开(公告)日:2017-11-14
申请号:US14937254
申请日:2015-11-10
发明人: Qiang Huang , Hu Cao , Kai Yu
CPC分类号: G06F21/563 , G06F11/3644 , G06F21/566
摘要: Execution of a sample program being evaluated for malware is initiated and then suspended to set breakpoints on timing operations of the sample program. Execution of the sample program is suspended again when a breakpoint is hit, at which time a loop is identified in the sample program and evaluated for presence of stalling code. Execution flow of the sample program is changed to exit the loop when the loop is determined to include the stalling code.
-
公开(公告)号:US10162966B1
公开(公告)日:2018-12-25
申请号:US15297585
申请日:2016-10-19
发明人: Qiang Huang , Hu Cao , Xinfeng Liu
摘要: A malware detection system for evaluating sample programs for malware incorporates an evasion code detector. The evasion code detector includes semantic patterns for identifying conditional statements and other features employed by evasion code. The system inserts breakpoints at conditional statements, compares expected and actual evaluated values of conditional variables of the conditional statements, and changes the execution path of the sample program based on the comparison. Changing the execution path of the sample program to an expected execution path counteracts the evasion code, allowing for the true nature of the sample program to be revealed during runtime.
-
-
-
搜索结果
4 条记录 (耗时 0.015 秒)
