The patent badge is an abbreviated version of the USPTO patent document. It covers the following fields: patent number, date the patent was issued, date the patent was filed, title of the patent, applicant, inventor, assignee, attorney firm, primary examiner, assistant examiner, CPCs, and abstract. The badge also contains a link to the full patent document (in Adobe Acrobat format, i.e. PDF).

Date of Patent: Oct. 27, 2015
Filed: Sep. 30, 2013

Applicants:
Michael Vincent, Sunnyvale, CA (US);
Ali Mesdaq, San Jose, CA (US);
Emmanuel Thioux, Santa Cruz, CA (US);
Abhishek Singh, Morgan Hill, CA (US);
Sai Vashisht, Milpitas, CA (US)

Inventors:
Michael Vincent, Sunnyvale, CA (US);
Ali Mesdaq, San Jose, CA (US);
Emmanuel Thioux, Santa Cruz, CA (US);
Abhishek Singh, Morgan Hill, CA (US);
Sai Vashisht, Milpitas, CA (US)

Assignee: FireEye, Inc., Milpitas, CA (US)

Attorneys:
Primary Examiner:
Assistant Examiner:

Int. Cl. (CPC): G06F 21/56 (2013.01); H04L 29/06 (2006.01)
U.S. Cl. (CPC): G06F 21/566 (2013.01); G06F 21/562 (2013.01); H04L 63/145 (2013.01); H04L 63/1416 (2013.01)
Abstract

Techniques for malware detection are described herein. According to one aspect, control logic determines an analysis plan for analyzing whether a specimen should be classified as malware, where the analysis plan identifies at least first and second analyses to be performed. Each of the first and second analyses identified in the analysis plan includes one or both of a static analysis and a dynamic analysis. The first analysis is performed based on the analysis plan to identify suspicious indicators and characteristics related to processing of the specimen. The second analysis is performed based on the analysis plan to identify unexpected behaviors having processing or communications anomalies. A classifier determines whether the specimen should be classified as malicious based on the static and dynamic analyses. The analysis plan, the indicators, the characteristics, and the anomalies are stored in a persistent memory.
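The abstract describes a plan-driven pipeline: control logic picks which analyses to run, a static pass produces indicators and characteristics, a dynamic pass produces behavioural anomalies, a classifier combines them, and everything is written to persistent storage. The sketch below was written for this page to make that shape concrete; it is not FireEye's code and does not implement the patent's claims. Every specific in it is an assumption chosen for illustration: the byte patterns the static pass flags, the trace event schema the dynamic pass reads (standing in for what a sandbox would record), the rule for when the dynamic pass is added to the plan, the point weights and threshold of the classifier, and the JSON Lines file used as the persistent store. The three specimens and the dropper's behaviour trace are constructed.

```python
"""Illustrative plan-driven triage: static pass, adaptive dynamic pass, classifier, store.
All patterns, weights and thresholds are assumptions for illustration, not the patent's."""
import json
import math
import re
from dataclasses import dataclass, field
from pathlib import Path
from typing import Optional


@dataclass
class Specimen:
    name: str
    content: bytes
    trace: list = field(default_factory=list)  # constructed sandbox-style event trace


@dataclass
class Findings:
    indicators: list = field(default_factory=list)       # static: suspicious indicators
    characteristics: dict = field(default_factory=dict)  # measured properties of the specimen
    anomalies: list = field(default_factory=list)        # dynamic: unexpected behaviours


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; values near 8.0 suggest packed or encrypted content (assumed heuristic)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in (data.count(bytes([b])) for b in set(data)))


# Hypothetical byte patterns a static pass might flag.
STATIC_PATTERNS = [
    (rb"powershell(\.exe)?\s+-enc", "encoded_powershell"),
    (rb"CurrentVersion\\Run", "run_key_reference"),
    (rb"https?://\d{1,3}(\.\d{1,3}){3}", "raw_ip_url"),
]


def static_analysis(s: Specimen) -> Findings:
    """First analysis: inspect the bytes without executing them."""
    f = Findings()
    f.characteristics["size"] = len(s.content)
    f.characteristics["entropy"] = round(shannon_entropy(s.content), 2)
    f.characteristics["is_pe"] = s.content.startswith(b"MZ")
    if f.characteristics["entropy"] > 7.0:
        f.indicators.append("high_entropy")
    for pattern, label in STATIC_PATTERNS:
        if re.search(pattern, s.content, re.IGNORECASE):
            f.indicators.append(label)
    return f


def dynamic_analysis(s: Specimen) -> Findings:
    """Second analysis: processing and communication anomalies in the recorded trace."""
    f = Findings()
    f.characteristics["events"] = len(s.trace)
    for ev in s.trace:
        kind = ev.get("type")
        if kind == "file_write" and "\\Startup\\" in ev.get("path", ""):
            f.anomalies.append("startup_folder_write")
        elif kind == "connect" and ev.get("port") not in (80, 443):
            f.anomalies.append(f"unexpected_port:{ev.get('port')}")
    return f


def build_plan(s: Specimen, first: Findings) -> list:
    """Control logic (assumed rule): static always runs; the costlier dynamic pass is
    added only when static found indicators, the file is executable, or a trace exists."""
    plan = ["static"]
    if first.indicators or first.characteristics.get("is_pe") or s.trace:
        plan.append("dynamic")
    return plan


def classify(results: list) -> tuple:
    """Assumed scoring: one point per indicator, two per anomaly, malicious at three or more."""
    score = sum(len(f.indicators) + 2 * len(f.anomalies) for f in results)
    return ("malicious" if score >= 3 else "benign"), score


def analyze(s: Specimen, store: Optional[Path] = None) -> dict:
    """Run the plan, classify, and persist plan, indicators, characteristics and anomalies."""
    first = static_analysis(s)
    plan = build_plan(s, first)
    results = [first] + ([dynamic_analysis(s)] if "dynamic" in plan else [])
    verdict, score = classify(results)
    record = {
        "specimen": s.name, "plan": plan, "verdict": verdict, "score": score,
        "indicators": [i for f in results for i in f.indicators],
        "characteristics": {k: v for f in results for k, v in f.characteristics.items()},
        "anomalies": [a for f in results for a in f.anomalies],
    }
    if store is not None:  # append-only JSON Lines file as the persistent store
        with store.open("a", encoding="utf-8") as fh:
            fh.write(json.dumps(record) + "\n")
    return record


# Constructed specimens: a fake dropper with a fake trace, a plain memo, a packed blob.
DROPPER = Specimen(
    "dropper.exe",
    b"MZ" + b"\x00" * 64 + b"powershell.exe -enc SQBFAFgA http://203.0.113.10/stage2",
    [{"type": "file_write", "path": "C:\\Users\\u\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\upd.exe"},
     {"type": "connect", "host": "203.0.113.10", "port": 4444},
     {"type": "connect", "host": "203.0.113.10", "port": 443}],
)
MEMO = Specimen("memo.txt", b"Quarterly numbers attached; call me if anything looks off.\n")
PACKED = Specimen("blob.bin", bytes(range(256)) * 4)

if __name__ == "__main__":
    for spec in (DROPPER, MEMO, PACKED):
        print(json.dumps(analyze(spec, Path("triage.jsonl"))))
```

The point to notice is the adaptivity and the separation of roles: the memo never reaches the dynamic pass because the static pass gives the control logic no reason to schedule it, the packed blob does reach it on the strength of one static indicator but is not classified malicious because nothing behavioural corroborates it, and the dropper is classified malicious only once indicators and anomalies are combined. The persisted record carries the plan alongside the findings, so an analyst can later see not just the verdict but which analyses produced it.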
