摘要 |
Methods, systems and media are shown for detecting omnientrant code segments to identify potential malicious code involving, for each offset of a code segment, disassembling the code segment from the offset, determining whether the disassembled code is executable, and incrementing an offset execution value. This approach also involves checking whether the offset execution value exceeds an alert threshold value and generating a malicious code alert for the code segment if the offset execution value exceeds the alert threshold value. Some examples further involve, for each executable offset, identifying a final execution address of the offset, comparing the final execution addresses of the offsets for the code segment, and generating the malicious code alert for the code segment if a proportion of the executable offsets have a common value for the final execution address exceeds a frequency threshold. |