| 发明名称 |
SYSTEM AND METHOD FOR DETECTING MALICIOUS CODE IN ADDRESS SPACE OF A PROCESS |
| 摘要 |
Disclosed are system and method for detecting malicious code in address space of a process. An exemplary method comprises: detecting a first process executed on the computer in association with an application; intercepting at least one function call made by the first process to a second process; determining one or more attributes associated with the at least one function call; determining whether to perform malware analysis of code associated with the at least one function call in an address space associated with the second process based on application of one or more rules to the one or more attributes; and upon determining to perform malware analysis of the code, determining whether the code in the address space is malicious. |
| 申请公布号 |
US2017004309(A1) |
申请公布日期 |
2017.01.05 |
| 申请号 |
US201615183063 |
申请日期 |
2016.06.15 |
| 申请人 |
AO Kaspersky Lab |
发明人 |
Pavlyushchik Mikhail A.;Monastyrsky Alexey V.;Nazarov Denis A. |
| 分类号 |
G06F21/56;G06F9/54 |
主分类号 |
G06F21/56 |
| 代理机构 |
|
代理人 |
|
| 主权项 |
1. A method for detection of malware on a computer, the method comprising:
detecting a first process executed on the computer in association with an application; intercepting at least one function call made by the first process to a second process; determining one or more attributes associated with the at least one function call; determining whether to perform malware analysis of code associated with the at least one function call in an address space associated with the second process based on application of one or more rules to the one or more attributes; and upon determining to perform malware analysis of the code, determining whether the code in the address space is malicious. |
| 地址 |
Moscow RU |
