SYSTEM AND METHOD FOR ANALYZING PACKED FILES
First Claim
1. A method for analyzing executable files on a computer, comprising:
- initiating, with an operating system of the computer, execution of a loader-process;
- loading, using the loader-process, code of a first executable file into an executable memory of the computer;
- executing the code of the first executable file, wherein the code of the first executable file unpacks other packed-code to generate unpacked code; and
- analyzing the unpacked code to assess whether the first executable file is a pestware file.
Abstract
A system and method for analyzing executable files on a computer is described. The method in one embodiment includes initiating, with an operating system of the computer, execution of a loader-process; loading, using the loader-process, code of a first executable file into an executable-memory of the computer; and executing the code of the first executable file, wherein the code of the first executable file unpacks other packed-code to generate unpacked code. In addition, the loader-process executes the unpacked code and stops execution of the unpacked code in response to the unpacked code attempting to make a potentially dangerous system call. The unpacked code is analyzed, in response to the unpacked code attempting to make the potentially dangerous system call, to assess whether the first executable file is a pestware file.
25 Claims
1. A method for analyzing executable files on a computer, comprising:
- initiating, with an operating system of the computer, execution of a loader-process;
- loading, using the loader-process, code of a first executable file into an executable memory of the computer;
- executing the code of the first executable file, wherein the code of the first executable file unpacks other packed-code to generate unpacked code; and
- analyzing the unpacked code to assess whether the first executable file is a pestware file.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11.

12. A system for analyzing a packed file stored on a computer comprising:
- a loader module configured to execute a file unpacker, wherein the file unpacker, when executed by the loader module, unpacks the packed file to generate unpacked code; and
- a detection module configured to analyze the unpacked code after the unpacked code is executed by the loader module.
Dependent claims: 13, 14, 15, 16, 17, 18.

19. A processor-readable medium including instructions for analyzing executable files on a computer, the instructions comprising instructions for:
- initiating, with an operating system of the computer, execution of a loader-process;
- loading, using the loader-process, code of a first executable file into an address space of the loader-process;
- executing the code of the first executable file, wherein the code of the first executable file unpacks other packed-code to generate unpacked code; and
- analyzing the unpacked code, in response to the unpacked code attempting to make the potentially dangerous system call, to assess whether the first executable file is a pestware file.
Dependent claims: 20, 21, 22, 23, 24, 25.