| 摘要 |
A method and device for clustering virus files is provided. The method involves statically analyzing binary data of virus files to be clustered, so as to obtain PE structure data of the virus files. Further, based on a comparison of the PE structure data, those virus files with PE structure data meeting a specific similarity may be categorized into the same category. The device may include a first data analyzing module configured to extract PE structure data of virus files to be clustered by static analysis of binary data of the virus files. A first clustering module of the device may compare the PE structure data and cluster the virus files having the PE structure data meeting a specific similarity into the same category. The solution may improve efficiency of clustering computer virus files, reduce resource consumption, and avoid the risk of virus infection caused by dynamically running the virus files. |
