Malicious file detection method and device, electronic equipment and storage medium

Bibliographic details
Main authors: FAN YUAN, WANG XIN, WU ZHUOQUN, SHEN YUANHUA
Format: Patent
Language: chi ; eng
Description
Summary: The invention provides a malicious file detection method and a related device. The malicious file detection method comprises the following steps: acquiring a function library file used by an input method program and a module file corresponding to the function library file in a memory; when it is determined that both the function library file and the module file are PE files, comparing a first code segment in the function library file with a second code segment in the module file, and determining machine codes, different from those in the first code segment, in the second code segment; when it is determined that the machine code contains the preset instruction, judging that the module file is a malicious file; the preset instruction comprises jmp, push, pop and int3; after a function library file and a module file are determined to be PE files, an abnormal machine code in the module file is extracted by comparing the two files, and then the malicious inline hook setting condition in the module file is determin