Executing full logical paths for malware detection
First Claim
1. A computer program product tangibly embodied on non-transitory, computer readable media, the computer program product comprising instructions operable, when executed, to:
- identify, at a parent node of a logical path, a first logical path and a second logical path;
- responsive to storing environmental data for the parent node, execute, by a processor implemented at least partially in hardware, a first set of instructions to follow the first logical path from the parent node, wherein the environmental data is a parameter for executing an instruction for the parent node;
- store, in a memory, a first set of information obtained from following the first logical path;
- evaluate, by a malware handler module implemented at least partially in hardware, the first set of information for malware;
- restore, from the memory, the environmental data for the parent node to execute, by the processor, a second set of instructions to follow the second logical path;
- store, in a memory, a second set of information obtained from following the second logical path; and
- evaluate, by the malware handler module, the second set of information for malware.
Abstract
Embodiments include identifying, at a logical path node, a first logical path and a second logical path; executing, by a processor implemented at least partially in hardware, a first set of instructions to follow the first logical path; storing, in a memory, a first set of information obtained from following the first logical path; evaluating, by a malware handler module implemented at least partially in hardware, the first set of information for malware; restoring, from the memory, environmental data for the first logical path node; executing, by the processor, a second set of instructions to follow the second logical path; storing, in a memory, a second set of information obtained from following the second logical path; and evaluating, by the malware handler module, the second set of information for malware.
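The store, follow, evaluate, restore, follow sequence in the abstract can be sketched as follows. This is an added example, not code from the patent; the toy program, the event names and the SUSPICIOUS rule are constructed assumptions, and the sketch goes slightly beyond the two-path case by handling nested branch nodes.

```python
import copy

# Constructed toy program: node -> (operations, branch). Operations mutate the
# environment or log an observable event; branch names two successors or None.
PROGRAM = {
    "start":   ([("set", "counter", 1)], ("benign", "gate")),
    "benign":  ([("add", "counter", 1), ("log", "show_ui")], None),
    "gate":    ([("add", "counter", 10)], ("idle", "payload")),
    "idle":    ([("log", "sleep")], None),
    "payload": ([("add", "counter", 100), ("log", "write_autorun_key")], None),
}
SUSPICIOUS = {"write_autorun_key"}  # hypothetical rule standing in for the malware handler

def run_node(name, env, info):
    """Execute one node against env, appending observed events to info."""
    ops, branch = PROGRAM[name]
    for op in ops:
        if op[0] == "set":
            env[op[1]] = op[2]
        elif op[0] == "add":
            env[op[1]] += op[2]
        else:  # "log": behaviour recorded for later evaluation
            info.append(op[1])
    return branch

def evaluate(info):
    """Evaluate the information gathered along one path."""
    return sorted(set(info) & SUSPICIOUS)

def explore(name, env, info, path, results):
    """Follow every logical path from `name`, restoring env at each branch node."""
    info = list(info)                    # per-path copy of gathered information
    branch = run_node(name, env, info)
    path = path + (name,)
    if branch is None:                   # end of a path: store and evaluate
        results[path] = (dict(env), evaluate(info))
        return results
    saved = copy.deepcopy(env)           # store environmental data for the parent node
    for child in branch:
        restored = copy.deepcopy(saved)  # restore before following each path
        explore(child, restored, info, path, results)
    return results

def analyze():
    return explore("start", {}, [], (), {})
```

Without the restore step, state changed while following the first path (here, `counter`) would leak into the second path and the recorded behaviour would no longer reflect what that path does on its own.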
21 Claims
1. A computer program product tangibly embodied on non-transitory, computer readable media, the computer program product comprising instructions operable, when executed, to:
- identify, at a parent node of a logical path, a first logical path and a second logical path;
- responsive to storing environmental data for the parent node, execute, by a processor implemented at least partially in hardware, a first set of instructions to follow the first logical path from the parent node, wherein the environmental data is a parameter for executing an instruction for the parent node;
- store, in a memory, a first set of information obtained from following the first logical path;
- evaluate, by a malware handler module implemented at least partially in hardware, the first set of information for malware;
- restore, from the memory, the environmental data for the parent node to execute, by the processor, a second set of instructions to follow the second logical path;
- store, in a memory, a second set of information obtained from following the second logical path; and
- evaluate, by the malware handler module, the second set of information for malware.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 21
9. A computer implemented method, comprising:
- identifying, at a logical path node, a first logical path and a second logical path;
- responsive to storing environmental data for the logical path node, executing, by a processor implemented at least partially in hardware, a first set of instructions to follow the first logical path, wherein the environmental data is a parameter for executing an instruction for the logical path node;
- storing, in a memory, a first set of information obtained from following the first logical path;
- evaluating, by a malware handler module implemented at least partially in hardware, the first set of information for malware;
- restoring, from the memory, the environmental data for the logical path node to execute, by the processor, a second set of instructions to follow the second logical path;
- storing, in a memory, a second set of information obtained from following the second logical path; and
- evaluating, by the malware handler module, the second set of information for malware.
Dependent claims: 10, 11, 12, 13, 14, 15, 16
17. A system for executing a full logical path in an executable application, the system comprising:
- a processor implemented at least partially in hardware;
- a memory for storing instructions;
- an execution application module, implemented at least partially in hardware, to, responsive to storing environmental data associated with a parent node of the full logical path, execute a first logical path from the parent node, wherein the environmental data is a parameter for executing an instruction for the parent node; and restore the environmental data associated with the parent node to execute a second logical path from the parent node; and
- a malware handler module, implemented at least partially in hardware, to monitor execution of each logical path for malware.
Dependent claims: 18, 19, 20
Specification