Title of invention: THE METHOD AND APPARATUS FOR ANALYZING EXPLOIT CODE IN NON-EXECUTABLE FILE USING VIRTUAL ENVIRONMENT
Abstract: A method and an apparatus are provided for analyzing malware within a non-executable file using a virtual environment. They run an object program that has a vulnerability inside the virtual environment, so that the malware included in the non-executable file can be analyzed safely. A program execution part (114) loads the non-executable file to be analyzed into the object program and outputs the register value of the object program. A program run analysis part (122) analyzes the outputted register value. If the register value indicates a region other than the normal code region, the program run analysis part stores log information about the operation of the object program in the log information database (124). A malware analysis part (126) extracts and analyzes the malware included in the non-executable file based on the log information. The program run analysis part begins storing the log information at the point when the outputted register value begins to indicate a region other than the normal code region.
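Publication number: KR20090034648(A) Publication date: 2009.04.08
Application number: KR20070100009 Filing date: 2007.10.04
Applicant: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE Inventors: CHOI, YOUNG HAN; KIM, HYOUNG CHUN; LEE, DO HOON
Classification: G06F15/00 Main classification: G06F15/00
Agency: Agent:
Principal claim:
Address: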