
System and method for analyzing a file for malware in a virtual machine


Abstract

Disclosed are systems and methods for analyzing files for maliciousness and determining an action. An exemplary method comprises: opening a file, by a processor, in a virtual machine; intercepting an event arising in the execution of a thread of a process created upon opening of the file; determining a context of the processor on which the thread is being executed, the determination including reading the register values of the processor and the stack; comparing the context with rules that check a behavior of the thread of the process, a change by the thread of attributes of the file, and access by the thread to the Internet; and, based on a result of the comparison, performing at least one of: recognizing the file as malicious, halting the execution of the thread, changing the context of the processor, and waiting for the next intercepted event.
