发明名称 |
SYSTEM AND METHOD FOR DETECTING HARMFUL FILES EXECUTABLE ON A VIRTUAL STACK MACHINE |
摘要 |
Disclosed are method and system for detecting harmful files executed by a virtual stack machine. An example method includes: identifying data from a file executed on the virtual stack machine, the data including parameters of a file section of the file and/or parameters of a function of the file; searching in a database for at least one cluster of safe files that contains at least one of: a value of the parameters of the file section exceeding a first threshold, and a value of the parameters of the function exceeding a second threshold; creating a cluster of data of the file based on the identified cluster of safe files; calculating a checksum of the created cluster of data of the file; and determining that the file is a harmful file if the computed checksum matches a checksum in a database of checksums of harmful files. |
申请公布号 |
EP3136276(A1) |
申请公布日期 |
2017.03.01 |
申请号 |
EP20150184122 |
申请日期 |
2015.09.07 |
申请人 |
AO Kaspersky Lab |
发明人 |
IVANOV, Anton M.;LISKIN, Alexander V. |
分类号 |
G06F21/56 |
主分类号 |
G06F21/56 |
代理机构 |
|
代理人 |
|
主权项 |
|
地址 |
|