System and Method for Emulation-based Detection of Malicious Code with Unmet Operating System or Architecture Dependencies

System and Method for Emulation-based Detection of Malicious Code with Unmet Operating System or Architecture Dependencies

System, method and media are shown for detecting potentially malicious code by iteratively emulating potentially malicious code, that involve, for each offset of a memory image, emulating execution of an instruction at the offset on a first platform and, if execution fails, determining whether the i...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
1. Verfasser: Momot Falcon
Format: Patent
Sprache:eng
Schlagworte:
CALCULATING
COMPUTING
COUNTING
ELECTRIC DIGITAL DATA PROCESSING
PHYSICS
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:System, method and media are shown for detecting potentially malicious code by iteratively emulating potentially malicious code, that involve, for each offset of a memory image, emulating execution of an instruction at the offset on a first platform and, if execution fails, determining whether the instruction at the offset has relevance to at least a second platform and, if so, emulating execution of the instruction at the offset on the second platform. If execution succeeds, it involves checking the behavior of the executing code for suspect behavior, and identifying the executing code as malicious code if suspect behavior is detected. Refinements involve applying this process to also determine aspects of information related to the target of any discovered code, malicious or otherwise.