Title of invention SYSTEM AND METHOD FOR DETECTING HARMFUL FILES EXECUTABLE ON A VIRTUAL STACK MACHINE
Abstract Disclosed are a method and system for detecting harmful files executed by a virtual stack machine. An example method includes: identifying data from a file executed on the virtual stack machine, the data including parameters of a file section of the file and/or parameters of a function of the file; searching in a database for at least one cluster of safe files that contains at least one of: a value of the parameters of the file section exceeding a first threshold, and a value of the parameters of the function exceeding a second threshold; creating a cluster of data of the file based on the identified cluster of safe files; calculating a checksum of the created cluster of data of the file; and determining that the file is a harmful file if the computed checksum matches a checksum in a database of checksums of harmful files.
Publication number EP3136276(A1) Publication date 2017.03.01
Application number EP20150184122 Filing date 2015.09.07
Applicant AO Kaspersky Lab Inventor IVANOV, Anton M.;LISKIN, Alexander V.
Classification G06F21/56 Main classification G06F21/56
Agency Agent
Main claim
Address