System and method of analysis of files for maliciousness in a virtual machine

Disclosed are systems and methods of analysis of files for maliciousness in a virtual machine. An exemplary method comprises: opening and executing a file by a processor in a virtual machine; intercepting an event arising in the process of execution of a thread of a process created upon opening of t...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Butuzov, Vitaly V, Kobychev, Denis Y, Pintiysky, Vladislav V, Anikin, Denis V, Karasovsky, Dmitry V, Golovkin, Maxim Y, Kirsanov, Dmitry A
Format: Patent
Sprache:eng
Schlagworte:
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:Disclosed are systems and methods of analysis of files for maliciousness in a virtual machine. An exemplary method comprises: opening and executing a file by a processor in a virtual machine; intercepting an event arising in the process of execution of a thread of a process created upon opening of the file; halting the execution of the thread; reading the context of the processor on which the thread is being executed; comparing the context of the processor with one or more rules; and based on the results of the comparison, performing at least one of: recognizing the file as being malicious; halting the execution of the process created upon opening of the file; changing the context of the processor; and waiting for the next intercepted event.