Abstract
A system and method for detecting a potentially malicious executable file is described. An executable file, for example attached to an electronic mail message or downloaded to a computer system, is trapped and disassembled to provide an analysable file. The analysable file is analysed to determine whether any program call is made by the executable file and whether any detected program call is potentially malicious by comparing the program call with a list of known potentially malicious program calls. If the program call is potentially malicious, the executable file is quarantined or deleted.
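The comparison step described above, sketched as an added example that is not code from the patent: it assumes the disassembler emits a text listing, and the watch list, the sample listing, the `release` verdict name and the function names are all constructed for illustration. Calls through a register are reported separately, because their target cannot be matched against a list statically.

```python
import re

# Constructed watch list: the abstract does not enumerate the calls it checks for.
# These Win32 API names are illustrative assumptions.
SUSPICIOUS_CALLS = {"WriteProcessMemory", "CreateRemoteThread", "URLDownloadToFileA"}
REGISTERS = {"eax", "ebx", "ecx", "edx", "esi", "edi", "rax", "rbx", "rcx", "rdx"}

# Matches "[address:] call <target> [; comment]" in a text disassembly listing.
CALL_RE = re.compile(r"^\s*(?:[0-9A-Fa-f]+:?\s+)?call\s+(.+?)\s*(?:;.*)?$", re.I)

# Constructed sample listing (not taken from any real file).
SAMPLE_LISTING = """\
00401000: push ebp
00401001: mov ebp, esp
00401003: call _printf
00401008: call dword ptr [__imp__WriteProcessMemory@20]
0040100E: call ds:__imp__CreateRemoteThread@28
00401014: call eax            ; target known only at run time
00401016: call sub_401200
0040101B: ret
"""

def normalise(target):
    """Reduce a call operand to a bare symbol name."""
    t = re.sub(r"\b(?:dword|qword)\s+ptr\b|\bds:", "", target, flags=re.I).strip(" []")
    t = re.sub(r"^.*[!.]", "", t)      # module prefix: "kernel32." or "KERNEL32!"
    t = re.sub(r"^_*imp_+", "", t)     # import thunk prefix: "__imp__"
    t = re.sub(r"^_", "", t)           # cdecl/stdcall leading underscore
    return re.sub(r"@\d+$", "", t)     # stdcall "@<bytes>" suffix

def analyse(listing):
    """Return the calls found, those on the watch list, and a verdict."""
    calls, flagged, unresolved = [], [], []
    for line in listing.splitlines():
        m = CALL_RE.match(line)
        if not m:
            continue
        name = normalise(m.group(1))
        calls.append(name)
        if re.split(r"[+*-]", name.lower())[0] in REGISTERS:
            unresolved.append(name)    # indirect call: cannot be compared statically
        elif name in SUSPICIOUS_CALLS:
            flagged.append(name)
    # "release" is an assumed label for files with no watch-list hit.
    verdict = "quarantine" if flagged else "release"
    return {"calls": calls, "flagged": flagged, "unresolved": unresolved, "verdict": verdict}

if __name__ == "__main__":
    print(analyse(SAMPLE_LISTING))
```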