Main claim |
1. A computerized method for classifying an object based on detected process operations and associated process parameters that describe the context of the process operations, comprising:
receiving, by a malware content detection system, an object to be examined for malware; and performing dynamic analysis on the object, wherein the dynamic analysis includes:
processing the object within a virtual machine, wherein a monitor for examining the object is located within a component of the virtual machine,
capturing, by the monitor, a process operation and corresponding set of process parameters associated with the process operation, and
determining whether the object is malware based on the captured process operation and the corresponding set of process parameters. |