Title of invention: DETECTING MALWARE-RELATED ACTIVITY ON A COMPUTER
Abstract: Detecting malware-related activity on a computer by detecting activity associated with the creation of a data object, where the activity is performed by a process, where the process is an instance of a computer software application that resides in a computer memory and that is executed by a computer, and where the data object is configured to persist after termination of the process, determining a string that identifies the data object, searching for a portion of the string that identifies the data object within any areas of the computer memory storing static portions of the computer software application, and performing a computer-security-related remediation action responsive to determining that the portion of the string that identifies the data object is absent from the searched areas of the computer memory.
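Publication No.: US2016088003(A1); Publication date: 2016.03.24
Application No.: US201514951530; Filing date: 2015.11.25
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION; Inventor: KLEIN AMIT
Classification No.: H04L29/06; Main classification No.: H04L29/06
Agency: ; Agent: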
Main claim: 1. A method comprising: detecting, by one or more processors, an activity associated with the creation of a data object, wherein the activity is performed by a process, wherein the process is an instance of a computer software application that resides in a computer memory and that is executed by a computer, and wherein the data object is configured to persist after termination of the process; determining, by one or more processors, a string that identifies the data object; searching, by one or more processors, for a portion of the string that identifies the data object within any areas of the computer memory storing static portions of the computer software application; and performing, by one or more processors, a computer-security-related remediation action responsive to determining that the portion of the string that identifies the data object is absent from the searched areas of the computer memory.
Address: ARMONK NY US