ANALYZING A PASSWORD-PROTECTED FILE FOR MALWARE

摘要

A device may receive a password-protected file to be accessed for analysis. The device may identify a contextual term, associated with the password-protected file, to be used as a password to attempt to access the password-protected file. The contextual term may be identified based on at least one of: metadata associated with the password-protected file, metadata associated with a source from which the password-protected file is received, or text associated with the source from which the password-protected file is received. The device may apply the contextual term as the password to attempt to access the password-protected file.

主权项

1. A device, comprising:
a memory to store instructions; and one or more processors, to execute the instructions, to:
receive a password-protected file to be accessed for analysis;perform an analysis to identify a contextual term, associated with the password-protected file, to be used as a password to attempt to access the password-protected file,
the contextual term being identified based on at least one of:
metadata of the password-protected file,metadata of a source from which the password-protected file is received,text in a message that includes the password-protected file, ortext from the source from which the password-protected file is received;apply the contextual term as the password to attempt to access the password-protected file; andperform an analysis of the password-protected file to determine whether the password-protected file contains malware.