Detecting malicious code based on deviations in executable image import resolutions and load patterns
Abstract
Trusted executable images are run in a controlled environment, such as a dynamic malware analysis platform. For each trusted executable image, a corresponding baseline import-load signature is generated. This can be done by applying a cryptographic hash function to the specific instructions which resolve imports and/or load libraries, and their operands. Sample programs are run in the controlled environment and tested for maliciousness. Any executable image run by a given sample program in the controlled environment is identified, and an import-load signature of the executable image when run by the sample program is generated. The import-load signature of the executable image when run by the sample program is compared to the corresponding stored baseline import-load signature for the same executable image. The sample program is adjudicated as being benign or malicious based on at least the results of the comparison.
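The baseline-and-compare procedure described in the abstract, as an added illustration that is not code from the patent or from any product implementing it. It assumes a trace is recorded as a list of (mnemonic, operands) tuples for the import-resolving instructions; the image name, API names and SHA-256 as the hash function are constructed assumptions, not values from the page.

```python
import hashlib
from typing import Dict, List, Tuple

# One import-resolving or library-loading instruction with its operands,
# e.g. ("call", ("GetProcAddress", "kernel32.dll", "CreateFileW")).
ImportOp = Tuple[str, Tuple[str, ...]]


def import_load_signature(ops: List[ImportOp]) -> str:
    """Hash the import/load instructions and their operands into one signature.

    Each record is serialised with explicit separators so that
    ("call", ("a|b",)) and ("call", ("a", "b")) do not collide.
    """
    h = hashlib.sha256()
    for mnemonic, operands in ops:
        h.update(mnemonic.encode())
        h.update(b"\x00")
        h.update(("\x1f".join(operands)).encode())
        h.update(b"\n")
    return h.hexdigest()


# Constructed sample: trace of a trusted image recorded in the controlled
# environment. A real baseline store would hold one entry per trusted image.
TRUSTED_TRACES: Dict[str, List[ImportOp]] = {
    "notepad.exe": [
        ("call", ("LoadLibraryW", "kernel32.dll")),
        ("call", ("GetProcAddress", "kernel32.dll", "CreateFileW")),
    ],
}
BASELINES = {name: import_load_signature(t) for name, t in TRUSTED_TRACES.items()}


def adjudicate(sample_traces: Dict[str, List[ImportOp]],
               baselines: Dict[str, str] = BASELINES) -> Tuple[str, List[str]]:
    """Compare every image a sample ran against its stored baseline signature.

    Returns (verdict, images whose import-load signature deviated). Images
    with no baseline are skipped: this signal alone cannot judge them.
    """
    deviations = []
    for image, ops in sample_traces.items():
        baseline = baselines.get(image)
        if baseline is None:
            continue
        if import_load_signature(ops) != baseline:
            deviations.append(image)
    return ("malicious" if deviations else "benign", deviations)
```

Any extra, missing or reordered import-resolving instruction changes the digest, so the comparison is exact-match; a deployment would combine this verdict with the other sandbox signals the abstract mentions rather than relying on it alone.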