APPARATUS AND METHOD FOR DETECTING DYNAMIC LINK LIBRARY INSERTED BY MALICIOUS CODE

摘要

PROBLEM TO BE SOLVED: To provide an apparatus and method for determining whether or not a DLL inserted into a memory region of a specific process is the one developed with malicious intent. SOLUTION: The method for detecting DLL includes: a step of collecting first dynamic link library (DLL) information from an image file of a process before the process is executed; a step of collecting second DLL information loaded into a memory as the process is executed; a step of comparing the first DLL information with the second DLL information which are collected to extract information on an explicit DLL; and a step of determining whether or not the extracted explicit DLL is the DLL inserted by a malicious code. Thus, information on the DLL inserted with malicious intent may be utilized as a tool for analyzing an attacked system. COPYRIGHT: (C)2009,JPO&INPIT