System and method of detecting malicious intermediate language files

A system and method of detecting malicious intermediate language files are disclosed. In an embodiment, the system includes a database comprising hashes of known malicious files, a resource allocationmodule configured to select a set of resources from a file being analyzed, a hash calculation module, coupled to the resource allocation module and configured to calculate a perceptive hash of the set of resources; and an analysis module, coupled to the other modules, configured to identify a degree of similarly between the set of resources and a set of resources from known malicious files by comparing the perceptive hash with perceptive hashes of the set of resources from known malicious files, determine harmfulness of the file being analyzed based on the degree of similarity and remove or quarantine the file being analyzed when the harmfulness exceeds a predetermined threshold. 本发明公开了种用于识别恶意中间语言文件的系统和方法。在个示例性方面中，所述系统包括包含已知恶意文件的散列的数据库；被配置成从正在被分析的文件中选取资源的集合的资源分配模块；耦接到所述资源分配模块的散列计算模块，所述散列计算模块被配置成计算所述资源的集合的感知散列；以及耦