Systems and methods of processing data associated with detection and/or handling of malware
First Claim
1. At least one non-transitory computer-readable medium comprising instructions to produce a malware repair tool, wherein the instructions, when executed by at least one processor, are to:
- generate repair information to be used for repairing an operating system environment infected by malware, wherein the repair information is generated based on hidden logic path information retrieved from code that has a latent infection by the malware and has not been executed by the operating system environment infected by the malware, and wherein the repair information is to be generated, at least in part, by resolving handles into searchable names, and creating one or more signatures for one or more files that are dropped based on a verification routine;
- integrate the repair information into a repair executable program;
- prepare a boot image in a non-infected operating system environment;
- prepare a supporting executable program to access an infected file system;
- generate a batch process by integrating the repair executable program with the boot image; and
- create the malware repair tool by packaging at least the batch process and the supporting executable program, wherein the malware repair tool is configured to reverse the latent infection by the malware.
Abstract
The present disclosure relates to malware and, more particularly, towards systems and methods of processing information associated with detecting and handling malware. According to certain illustrative implementations, methods of processing malware are disclosed. Moreover, such methods may include one or more of unpacking and/or decrypting malware samples, dynamically analyzing the samples, disassembling and/or reverse engineering the samples, performing static analysis of the samples, determining latent logic execution path information regarding the samples, classifying the samples, and/or providing intelligent report information regarding the samples.
25 Claims
1. At least one non-transitory computer-readable medium comprising instructions to produce a malware repair tool, wherein the instructions, when executed by at least one processor, are to:
- generate repair information to be used for repairing an operating system environment infected by malware, wherein the repair information is generated based on hidden logic path information retrieved from code that has a latent infection by the malware and has not been executed by the operating system environment infected by the malware, and wherein the repair information is to be generated, at least in part, by resolving handles into searchable names, and creating one or more signatures for one or more files that are dropped based on a verification routine;
- integrate the repair information into a repair executable program;
- prepare a boot image in a non-infected operating system environment;
- prepare a supporting executable program to access an infected file system;
- generate a batch process by integrating the repair executable program with the boot image; and
- create the malware repair tool by packaging at least the batch process and the supporting executable program, wherein the malware repair tool is configured to reverse the latent infection by the malware.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13
14. An apparatus comprising:
logic at least partially implemented in hardware, the logic to:
- generate repair information to be used for repairing an operating system environment infected by malware, wherein the repair information is generated based on hidden logic path information retrieved from code that has a latent infection by the malware and has not been executed by the operating system environment infected by the malware, and wherein the repair information is to be generated, at least in part, by resolving handles into searchable names, and creating one or more signatures for one or more files that are dropped based on a verification routine;
- integrate the repair information into a repair executable program;
- prepare a boot image in a non-infected operating system environment;
- prepare a supporting executable program to access an infected file system;
- generate a batch process by integrating the repair executable program with the boot image; and
- create a malware repair tool by packaging at least the batch process and the supporting executable program, wherein the malware repair tool is configured to reverse the latent infection by the malware.
Dependent claims: 15, 16, 17, 18, 19
20. A method comprising:
- generating repair information to be used for repairing an operating system environment infected by malware, wherein the repair information is generated based on hidden logic path information retrieved from code that has a latent infection by the malware and has not been executed by the operating system environment infected by the malware, and wherein the repair information is to be generated, at least in part, by resolving handles into searchable names, and creating one or more signatures for one or more files that are dropped based on a verification routine;
- integrating the repair information into a repair executable program;
- preparing a boot image in a non-infected operating system environment;
- preparing a supporting executable program to access an infected file system;
- generating a batch process by integrating the repair executable program with the boot image; and
- creating a malware repair tool by packaging at least the batch process and the supporting executable program, wherein the malware repair tool is configured to reverse the latent infection by the malware.
Dependent claims: 21, 22, 23, 24, 25
Specification