首页>
外国专利>
System and method for scanning packed programs in response to detection of suspicious behaviors
System and method for scanning packed programs in response to detection of suspicious behaviors
展开▼
机译:响应于检测到可疑行为而扫描打包程序的系统和方法
展开▼
页面导航
摘要
著录项
相似文献
摘要
A computer-implemented method for scanning packed programs in response to detecting suspicious behaviors may include (1) executing a packed program that may include (i) malicious code that has been obfuscated within the packed program and (ii) unpacking code that deobfuscates and executes the malicious code when the packed program is executed, (2) monitoring, while the packed program is executing, how the packed program behaves, (3) detecting, while monitoring how the packed program behaves, a suspicious behavior of the malicious code that indicates that the unpacking code has deobfuscated and executed the malicious code, and (4) performing a security operation on the packed program in response to detecting the suspicious behavior of the malicious code. Various other methods, systems, and computer-readable media are also disclosed.
展开▼