System and method of analysis of files for maliciousness in a virtual machine
Disclosed are systems and methods of analysis of files for maliciousness in a virtual machine. An exemplary method comprises: opening and executing a file by a processor in a virtual machine; intercepting an event arising in the process of execution of a thread of a process created upon opening of t...
Gespeichert in:
Hauptverfasser: | , , , , , , |
---|---|
Format: | Patent |
Sprache: | eng |
Schlagworte: | |
Online-Zugang: | Volltext bestellen |
Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
Zusammenfassung: | Disclosed are systems and methods of analysis of files for maliciousness in a virtual machine. An exemplary method comprises: opening and executing a file by a processor in a virtual machine; intercepting an event arising in the process of execution of a thread of a process created upon opening of the file; halting the execution of the thread; reading the context of the processor on which the thread is being executed; comparing the context of the processor with one or more rules; and based on the results of the comparison, performing at least one of: recognizing the file as being malicious; halting the execution of the process created upon opening of the file; changing the context of the processor; and waiting for the next intercepted event. |
---|