Invention Grant
US09483644B1 Methods for detecting file altering malware in VM based analysis
Granted (in force)
- Patent Title: Methods for detecting file altering malware in VM based analysis
- Application No.: US14675648
- Application Date: 2015-03-31
- Publication No.: US09483644B1
- Publication Date: 2016-11-01
- Inventors: Sushant Paithane, Sai Vashisht, Raymond Yang, Yasir Khalid
- Applicant: FireEye, Inc.
- Applicant Address: Milpitas, CA, US
- Assignee: FireEye, Inc.
- Current Assignee: FireEye, Inc.
- Current Assignee Address: Milpitas, CA, US
- Agency: Rutan & Tucker, LLP
- Main IPC: G06F21/56
- IPC: G06F21/56; G06F17/30

Abstract:
According to one embodiment, a threat detection platform is integrated with at least one virtual machine that automatically performs a dynamic analysis of a received object and, during that analysis, monitors the processing for a change to a file system within the virtual machine, where the change involves a lure file placed in the file system. The file system is configured based on a received configuration file. Upon detection of a change in the file system associated with a lure file, the changes associated with the lure file during processing are compared to known file activity patterns of changes caused by file-altering malware to determine whether the object includes file-altering malware.