The patent badge is an abbreviated version of the USPTO patent document. It covers the following fields: patent number, date the patent was issued, date the patent was filed, title of the patent, applicant, inventor, assignee, attorney firm, primary examiner, assistant examiner, CPCs, and abstract. The badge also contains a link to the full patent document in PDF (Adobe Acrobat) format.
Patent No.:
Date of Patent: May 31, 2016
Filed: Dec. 05, 2013
Applicant: Xiaochuan Wan, Nanjing, CN; Ben Huang, Nanjing, CN; Xuebin Chen, Nanjing, CN; Xiaodong Huang, Nanjing, CN; Hailiang Fan, Nanjing, CN
Inventor: Xiaochuan Wan, Nanjing, CN; Ben Huang, Nanjing, CN; Xuebin Chen, Nanjing, CN; Xiaodong Huang, Nanjing, CN; Hailiang Fan, Nanjing, CN
Assignee: Trend Micro Inc., Tokyo, JP
Abstract
An emulator on a host computer includes a static analysis module that analyzes the executable code of a suspicious sample to determine whether the code reveals that a particular packing program (packer) has packed the sample. Once the packer is identified, a custom configuration file is generated that lists the particular API hooks or instructions that should be disabled (or enabled) so that the sample cannot use those hooks or instructions to detect that it is executing within an emulator. The emulator (such as a virtual machine or sandbox) is configured using the configuration file. The suspicious sample is then executed and its behaviors are collected. Because the sample is prevented from detecting that it is operating within an emulator, it is also prevented from terminating prematurely. Malicious behaviors are scored, and the total score indicates whether the suspicious sample is malicious. Static analysis identifies signatures, instructions, or strings.