Abstract |
<p>A system and method that facilitates and effectuates detection of malware secreted and/or hidden in plain sight on a machine. To achieve its aims, the system and method generates a list of all loaded modules, identifies from the list a set of modules common to more than a threshold number of processes, and eliminates from the list those modules included in an authentication list. The resultant list is prioritized based, in one instance, on the number of occurrences a particular module makes in the resultant list, and thereafter the list is distributed to analyst workstations.</p> |
Applicant |
MICROSOFT CORPORATION |
Inventors |
HERLEY, CORMAC, E.;KEOGH, BRIAN, W.;HULETT, AARON, MICHAEL;MARINESCU, ADRIAN, M.;NURILOV, STANISLAV;WILLIAMS, JEFFREY, S. |
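
The triage steps named in the abstract (list loaded modules, keep those common to more than a threshold number of processes, drop authenticated ones, rank by occurrence) can be sketched as follows. This is an added example, not code from the patent or from Microsoft; the function names, the path-based authentication list, the case-insensitive path matching and the sample process data are all assumptions made for illustration.

```python
from collections import Counter

def normalize(path):
    # Assumption: modules are keyed by path, compared case-insensitively.
    return path.strip().lower()

def triage_modules(process_modules, authenticated, threshold):
    """Return [(module, process_count)] for unauthenticated modules loaded
    in more than `threshold` processes, most widespread first."""
    counts = Counter()
    for modules in process_modules.values():
        # Count a module once per process, even if it is listed twice.
        for mod in {normalize(m) for m in modules}:
            counts[mod] += 1
    # Step 2: keep modules common to MORE than the threshold number of processes.
    common = {m: n for m, n in counts.items() if n > threshold}
    # Step 3: eliminate modules that appear on the authentication list.
    trusted = {normalize(m) for m in authenticated}
    suspects = [(m, n) for m, n in common.items() if m not in trusted]
    # Step 4: prioritize by occurrence count (assumed here to be the number
    # of processes loading the module); ties are broken by path.
    return sorted(suspects, key=lambda item: (-item[1], item[0]))

# Constructed sample data: PID -> loaded module paths (not from a real host).
SAMPLE = {
    412:  [r"C:\Windows\System32\ntdll.dll", r"C:\Windows\System32\kernel32.dll",
           r"C:\ProgramData\upd\hlp32.dll"],
    608:  [r"C:\Windows\System32\ntdll.dll", r"C:\WINDOWS\system32\kernel32.dll",
           r"c:\programdata\upd\hlp32.dll", r"C:\Program Files\App\app.dll"],
    977:  [r"C:\Windows\System32\ntdll.dll", r"C:\ProgramData\upd\hlp32.dll",
           r"C:\ProgramData\upd\hlp32.dll"],
    1204: [r"C:\Windows\System32\ntdll.dll", r"C:\Windows\System32\kernel32.dll",
           r"C:\Users\Public\inj.dll"],
    1350: [r"C:\Windows\System32\ntdll.dll", r"C:\Users\Public\inj.dll"],
}
# Constructed authentication list of known-good modules.
AUTHENTICATED = [r"C:\Windows\System32\ntdll.dll", r"C:\Windows\System32\kernel32.dll"]

if __name__ == "__main__":
    for module, n in triage_modules(SAMPLE, AUTHENTICATED, threshold=1):
        print(f"{n:3d} processes  {module}")
```

A production authentication list would normally match on a file hash or signature rather than on path alone, since a path can be reused by an untrusted file.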