| 发明名称 |
METHOD, APPARATUS AND VIRTUAL MACHINE FOR DETECTING MALICIOUS PROGRAM |
| 摘要 |
A method, an apparatus and a virtual machine for detecting a malicious program(s) are disclosed. The method comprises: setting a virtual memory (301); reading a Master Boot Record (MBR) and storing the MBR in the virtual memory (302); and executing each instruction of the MBR in the virtual memory simulatedly, and detecting whether the virtual memory is modified after executing each instruction (303); if so, a malicious program is found, otherwise, continuing to execute the next instruction simulatedly until completing simulation execution of all instructions of the MBR. The technical solution can find the deformed malicious program(s). |
| 申请公布号 |
US2014351935(A1) |
申请公布日期 |
2014.11.27 |
| 申请号 |
US201214344864 |
申请日期 |
2012.08.24 |
| 申请人 |
Shao Jianlei;Tan Heli |
发明人 |
Shao Jianlei;Tan Heli |
| 分类号 |
G06F21/56;G06F9/455 |
主分类号 |
G06F21/56 |
| 代理机构 |
|
代理人 |
|
| 主权项 |
1. A method for detecting malicious program(s), comprising:
setting a virtual memory; reading a Master Boot Record, MBR, and storing the MBR in the virtual memory; and executing each instruction of the MBR in the virtual memory simulatedly, and detecting whether the virtual memory is modified after executing each instruction, if so, a malicious program is found, otherwise, continuing to execute the next instruction simulatedly until completing simulation execution of all instructions of the MBR. |
| 地址 |
Beijing CN |
