APPARATUS, SYSTEM AND METHOD FOR DETECTING MALICIOUS CODE

摘要

Provided are an apparatus, system and method for detecting malicious code inserted into a normal process in disguise. The apparatus includes a malicious code detection module for extracting information on a thread generated by a process running on a computer system to identify code related to the thread, preliminarily determining whether or not the identified code is malicious and extracting the code preliminarily determined to be malicious; and a forcible malicious code termination module for finally determining the code as malicious code based on an analysis result of behavior of the extracted code executed in a virtual environment and forcibly terminating execution of the code.