Title of Invention |
A METHOD AND SYSTEM FOR DETECTING A MALICIOUS PACKED EXECUTABLE |
Abstract |
The present invention is directed to a method for indicating if an executable file is malicious, the method comprising the steps of: indicating if the executable file is packed; and if the executable file is packed, determining the executable file as malicious if the executable file satisfies a maliciousness criterion, such as a size less than 200 KB. According to a preferred embodiment of the invention, indicating if the executable file is packed is carried out by the steps of: for at least one section of the file which is not a resource section: compressing at least a part of the section; and indicating that the executable is packed if the compression ratio as a result of the compressing is less than a threshold (e.g., about 10 percent). |
Publication Number |
WO2007004205(A3) |
Publication Date |
2007.09.27 |
Application Number |
WO2006IL00646 |
Filing Date |
2006.06.05 |
Applicant |
ALADDIN KNOWLEDGE SYSTEMS LTD. |
Inventors |
ZAMIR, SHAY;MARGALIT, YANKI;MARGALIT, DANY |
Classification Numbers |
G08B23/00;G06F21/22 |
Main Classification Number |
G08B23/00 |
Patent Agency |
|
Patent Agent |
|
Principal Claim |
|
Address |
|