TECHNIQUE FOR DETERMINING A MALIGN OR NON-MALIGN BEHAVIOR OF AN EXECUTABLE FILE

Abstract

A technique for determining a malign or non-malign behavior of an executable file is disclosed. In a first method aspect, the method comprises the steps of first acquiring a first behavior profile of the executable file, the first behavior profile comprising a first observable execution trace of the executable file from an emulated environment, second acquiring a second behavior profile of the executable file, the second behavior profile comprising a second observable execution trace of the executable file from a real environment, and comparing the first and second observable execution traces so as to determine the malign or non-malign behavior of the executable file. In another method aspect, the method comprises the steps of receiving a trigger condition, collecting, responsive to the trigger condition, first and second behavior profiles of the executable file from first and second one of two or more file-execution devices, the first and second behavior profiles comprising first and second observable execution traces of the executable file, and the first and second observable execution traces being non-mapped to the first and second file-execution device, respectively.
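
The comparison step of the first method aspect, as an added example that is not taken from the patent or the original page: it aligns a trace from an emulated environment with one from a real environment and reports events seen in only one of them. The event format, the normalisation rules, the use of `difflib` and the 0.8 threshold are assumptions, and the `divergent` flag is a prompt for analyst review, not the patent's decision rule.

```python
import re
from difflib import SequenceMatcher

# Assumed normalisation: replace device-specific values with placeholders so
# that traces recorded on different machines become comparable.
RULES = [
    (re.compile(r"pid=\d+"), "pid=<PID>"),
    (re.compile(r"(?i)\\users\\[^\\]+"), r"\\Users\\<USER>"),
    (re.compile(r"host=[\w.-]+"), "host=<HOST>"),
]

def normalise(trace):
    """Return the trace with device-specific tokens replaced."""
    events = []
    for event in trace:
        for pattern, placeholder in RULES:
            event = pattern.sub(placeholder, event)
        events.append(event)
    return events

def compare_traces(emulated, real, threshold=0.8):
    """Align two traces and report events seen in only one environment."""
    a, b = normalise(emulated), normalise(real)
    matcher = SequenceMatcher(None, a, b, autojunk=False)
    only_emulated, only_real = [], []
    for tag, i1, i2, j1, j2 in matcher.get_opcodes():
        if tag != "equal":
            only_emulated.extend(a[i1:i2])
            only_real.extend(b[j1:j2])
    similarity = matcher.ratio()
    return {"similarity": similarity, "divergent": similarity < threshold,
            "only_emulated": only_emulated, "only_real": only_real}

# Constructed sample traces, one observable event per entry.
EMULATED = [
    "file_open C:\\Users\\sandbox\\AppData\\cfg.dat pid=412",
    "registry_query HKLM\\HARDWARE\\DESCRIPTION\\System pid=412",
    "process_exit code=0 pid=412",
]
REAL = [
    "file_open C:\\Users\\alice\\AppData\\cfg.dat pid=9031",
    "registry_query HKLM\\HARDWARE\\DESCRIPTION\\System pid=9031",
    "file_write C:\\Users\\alice\\AppData\\run.dat pid=9031",
    "net_connect host=example.invalid port=443 pid=9031",
    "process_exit code=0 pid=9031",
]

if __name__ == "__main__":
    print(compare_traces(EMULATED, REAL))
```

Behaviour that appears only in the real-environment trace is the case worth escalating, since it suggests the file acted differently when it was emulated.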
