
Multistage system and method for analyzing obfuscated content for malware

  • US 10,657,251 B1
  • Filed: 06/26/2017
  • Issued: 05/19/2020
  • Est. Priority Date: 09/30/2013
  • Status: Active Grant
First Claim

1. A system for detecting malicious content, comprising:

  • a hardware storage device;

  • a first component stored within the hardware storage device, the first component to receive content and determine whether native code of the content is accessible;

  • a de-constructor stored within the hardware storage device, the de-constructor to receive the content from the first component in response to the native code being inaccessible to the first component, the de-constructor to select an analysis technique that implements a de-compiler to access the native code and output a deconstructed representation of the received content; and

  • a post-processor stored within the hardware storage device, the post-processor to receive the deconstructed representation of the received content from the de-constructor, determine whether the native code represented by the deconstructed representation of the received content is suspicious thereby indicating that at least a portion of the native code includes attributes associated with malware, establish a secure communication with a cloud computing service when the native code is determined to be suspicious or remove the native code from further analysis when the native code is determined to be non-suspicious, and provide at least the suspicious native code to the cloud computing service to perform a dynamic analysis of the native code by processing the native code within one or more virtual machines configured with a software profile suitable for the processing of the native code and analysis of an observed behavior of the one or more virtual machines.

  • 7 Assignments