System and method for malware analysis using thread-level event monitoring

  • US 10,671,726 B1
  • Filed: 09/22/2014
  • Issued: 06/02/2020
  • Est. Priority Date: 09/22/2014
  • Status: Active Grant
First Claim

1. A computerized method comprising:

  • processing one or more objects by a plurality of threads of execution, the plurality of threads of execution being part of a multi-thread process and executed by logic within a threat detection platform;

  • selecting threads of the plurality of threads for monitoring;

  • monitoring events of a first selected thread of the selected threads during the processing of the one or more objects, and excluding, from monitoring, events of non-selected threads of the plurality of threads, wherein the monitoring includes monitoring for events by both a first monitoring logic and a second monitoring logic that is different from the first monitoring logic, and wherein the second monitoring logic is part of a virtual execution environment;

  • storing information associated with a first monitored event of the monitored events within an event log, the information comprises at least an identifier of the first selected thread to maintain an association between the first monitored events and the first selected thread; and

  • accessing the stored information within the event log for rendering a graphical display of the monitored events and the first selected thread on a display screen.
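The following is an added illustrative model of the claimed method, written for this page; it is not the patentee's implementation and the patent discloses no code. A multi-thread "process" analyses several objects, only explicitly selected threads have their events recorded, each event carries the thread's identifier and which of two monitoring logics observed it, and the log is then rendered as a per-thread timeline. The monitor names "hook" (an in-process monitor) and "vmm" (standing in for the virtual-execution-environment monitor), the sample object names and the 198.51.100.7 address are all constructed for the example.

```python
"""Thread-level event monitoring modelled on claim 1 (illustrative, not the patent's code)."""
import threading
from dataclasses import dataclass
from typing import Iterable


@dataclass(frozen=True)
class Event:
    thread_id: int    # identifier of the monitored thread, kept with every event
    thread_name: str
    monitor: str      # which monitoring logic observed it: "hook" or "vmm" (constructed names)
    kind: str
    detail: str


class EventLog:
    """Thread-safe append-only event log; lookups are keyed by thread identifier."""

    def __init__(self) -> None:
        self._events: list[Event] = []
        self._lock = threading.Lock()

    def record(self, event: Event) -> None:
        with self._lock:
            self._events.append(event)

    def all(self) -> list[Event]:
        with self._lock:
            return list(self._events)

    def for_thread(self, thread_id: int) -> list[Event]:
        return [e for e in self.all() if e.thread_id == thread_id]


class ThreadMonitor:
    """Records events only for threads that were selected before they started."""

    def __init__(self, log: EventLog) -> None:
        self._log = log
        self._selected: set[threading.Thread] = set()
        self._lock = threading.Lock()

    def select(self, thread: threading.Thread) -> None:
        with self._lock:
            self._selected.add(thread)

    def observe(self, monitor: str, kind: str, detail: str) -> bool:
        """Called from the instrumented thread; returns True if the event was logged."""
        current = threading.current_thread()
        with self._lock:
            selected = current in self._selected
        if not selected:
            return False  # events of non-selected threads are excluded from monitoring
        self._log.record(Event(current.ident, current.name, monitor, kind, detail))
        return True


def process_object(monitor: ThreadMonitor, barrier: threading.Barrier, obj: str) -> None:
    """Simulated analysis of one object; each action is reported by one of the two monitors."""
    barrier.wait()  # keep all worker threads alive together so identifiers are distinct
    monitor.observe("hook", "file_open", f"{obj}: opened for read")            # in-process hook
    monitor.observe("vmm", "page_exec", f"{obj}: executable page mapped")      # VM-level monitor
    monitor.observe("hook", "net_connect", f"{obj}: connect 198.51.100.7:443")  # constructed address


def run_analysis(objects: Iterable[str], select: Iterable[int]) -> tuple[EventLog, list[threading.Thread]]:
    """Run one worker thread per object, monitoring only the threads at the given indices."""
    log = EventLog()
    monitor = ThreadMonitor(log)
    objects = list(objects)
    barrier = threading.Barrier(len(objects))
    threads = [threading.Thread(name=f"worker-{i}", target=process_object, args=(monitor, barrier, obj))
               for i, obj in enumerate(objects)]
    for i in select:
        monitor.select(threads[i])  # selection precedes processing, as in the claim
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return log, threads


def render(log: EventLog) -> str:
    """Text stand-in for the graphical display: events grouped under their thread identifier."""
    by_thread: dict[int, list[Event]] = {}
    for e in log.all():
        by_thread.setdefault(e.thread_id, []).append(e)
    lines = []
    for tid, events in sorted(by_thread.items()):
        lines.append(f"thread {tid} ({events[0].thread_name}):")
        for n, e in enumerate(events, 1):
            lines.append(f"  {n}. [{e.monitor}] {e.kind}: {e.detail}")
    return "\n".join(lines)


if __name__ == "__main__":
    samples = ["sample-a.exe", "sample-b.dll", "sample-c.doc"]  # constructed object names
    event_log, _ = run_analysis(samples, select=[1])
    print(render(event_log))
```

Selecting a thread before it starts and filtering inside `observe` is what keeps the log free of the non-selected threads' noise; the barrier only exists so the three workers are alive at the same time, which guarantees their identifiers are distinct while the log is being built.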

  • 7 Assignments