Title of invention APPARATUS AND METHOD FOR ANALYZING MALICIOUS CODE IN REAL ENVIRONMENT
Abstract An apparatus and method for analyzing malicious code in a real environment are provided. The apparatus for analyzing malicious code in a real environment includes a storage unit, a VHD control unit, and an analysis unit. The storage unit stores an original virtual hard disk (VHD) and a child VHD. The VHD control unit performs booting using an uninfected clean VHD. The analysis unit executes an object of analysis after the booting, generates the first results of the analysis based on static, dynamic and state analyses, generates the second results of the analysis by comparing the state of an infected VHD with the state of the clean VHD, generates the results of malicious code analysis based on the first results of the analysis and the second results of the analysis, and sends the results of the malicious code analysis to the VHD control unit.
Publication number US2015324580(A1) Publication date 2015.11.12
Application number US201414474226 Filing date 2014.09.01
Applicant ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE Inventors LEE Sang Rok;KANG Jung Min;KIM Jung Sun;LEE Cheol Ho;JANG In Sook
Classification G06F21/52 Main classification G06F21/52
Agency Agent
Principal claim 1. An apparatus for analyzing malicious code in a real environment, comprising: a storage unit configured to store an original virtual hard disk (VHD) and a child VHD; a VHD control unit configured to perform booting using an uninfected clean VHD, and to output received results of malicious code analysis to an outside; and an analysis unit configured to execute an external object of analysis after the booting, to generate first results of the analysis based on static, dynamic and state analyses of the object of analysis, to generate second results of the analysis by comparing a state of an infected VHD whose state has been infected by the execution of the object of analysis with a state of the clean VHD and then analyzing a change in the state between the infected VHD and the clean VHD, to generate results of malicious code analysis based on the first results of the analysis and the second results of the analysis, and to send the results of the malicious code analysis to the VHD control unit.
Address Daejeon KR