Image detection method, device and system for malicious codes
Format: | Patent |
---|---|
Language: | chi ; eng |
Summary: | The invention discloses an image-based detection method, device and system for malicious code. The method comprises the steps of: disassembling the malicious code to obtain a binary file and an assembly file, where the binary file and the assembly file comprise the same relative virtual addresses; encoding data in the assembly file according to a first encoding rule to obtain a first code at each relative virtual address; encoding data in the binary file according to a second encoding rule and a third encoding rule to obtain a second code and a third code at each relative virtual address; and using the first code, the second code and the third code at each relative virtual address as RGB values to generate an image of the malicious code, then identifying the image to determine the category of the malicious code. The detection precision can be improved. |