SYSTEM AND METHOD FOR LOADING AND ANALYZING FILES
Abstract
A system and method for analyzing files on a computer is described. In one embodiment the system includes a loader module configured to sequentially receive code from a plurality of files stored on a computer-readable medium and initiate execution of the code in a process space of the loader module. In addition, the loader module is configured to stop execution of the code in response to the code attempting to carry out particular instructions while executing. The system also includes a detection module configured to analyze the code from each of the plurality of files after the code is loaded by the loader module.
20 Claims
1. A method for analyzing executable files on a computer comprising:
initiating, with an operating system of the computer, execution of a loader-process;
limiting rights of the loader-process so as to restrict the loader-process from particular calls to the operating system;
loading, using the loader-process, code of a first executable file into an address space of the loader-process;
analyzing the code of the first executable file to assess whether the first executable file is a pestware file;
clearing, while maintaining the loader-process in memory, memory utilized by the first executable file;
loading, using the loader process, code of a second executable file into an executable-memory of the computer; and
analyzing the code of the second executable file to assess whether the second executable file is a pestware file.
11. A system for analyzing executable files on a computer comprising:
a loader module configured to sequentially receive code from a plurality of files stored on a computer-readable medium and initiate execution of the code in a process space of the loader module, and wherein the loader module is configured to stop execution of the code in response to the code attempting to carry out particular instructions while executing; and
a detection module configured to analyze the code from each of the plurality of files after the code is loaded by the loader module.
17. A processor-readable medium including instructions for analyzing executable files on a computer, the instructions including instructions for:
initiating, with an operating system of the computer, execution of a loader-process;
loading, using the loader-process, code of first executable file into an address space of the loader-process;
analyzing the code of the first executable file to assess whether the first executable file is a pestware file;
clearing, while maintaining the loader-process in memory, memory utilized by the first executable file;
loading, using the loader process, code of a second executable file into an executable-memory of the computer; and
analyzing the code of the second executable file to assess whether the second executable file is a pestware file.
Specification