Title of invention: Detecting script-based malware using emulation and heuristics
Abstract: The subject disclosure is directed towards running script through a malware detection system including an emulator environment to detect any malware within the script. Statistics are collected as part of processing the script, with parameterized heuristic analysis used to determine whether to run the emulation. The processing through the malware detection system may be iterative, to de-obfuscate layers of obfuscated malware. The emulator may be updated via signatures.
Publication number: US8997233(B2) | Publication date: 2015.03.31
Application number: US201113085937 | Filing date: 2011.04.13
Applicant: Microsoft Technology Licensing, LLC | Inventors: Green Jonathon Patrick;Chandnani Anjali Doulatram;Christensen Simon David
Classification: G08B23/00;G06F11/30;G06F21/56 | Main classification: G08B23/00
Agency: | Agents: Haslam Brian;Allen Mike;Minhas Micky
Principal claim: 1. In a computing environment, a computer-implemented method performed at least in part on at least one processor, comprising: processing data corresponding to a script sample in an emulation environment, including analyzing structure and content of a data structure corresponding to the script sample to match against generic and static signatures of malware, or analyzing events triggered during emulation against generic and static signatures of malware, or both, to detect whether the script sample comprises malware; updating the runtime emulation environment via one or more signatures without requiring a change to an antimalware engine; and determining, before the emulation, a need for the emulation based on a heuristic analysis of the structure and content of the data structure.
Address: Redmond WA US