APPARATUS AND METHOD FOR DETECTING MALICIOUS FILES
First Claim
Patent Images
1. An apparatus for detecting a malicious file, comprising:
- a program driving unit configured to output an execution address of a command executed by driving a program corresponding to a non-executable file;
an address storage unit configured to store normal address range information in accordance with the driving of the program; and
a maliciousness determination unit configured to determine whether the non-executable file is malicious depending on whether the execution address is not within the normal address range information.
1 Assignment
0 Petitions
Accused Products
Abstract
An apparatus for detecting a malicious file, includes a program driving unit configured to output an execution address of a command executed by driving a program corresponding to a non-executable file; and an address storage unit configured to store normal address range information in accordance with the driving of the program.
Further, the apparatus includes a maliciousness determination unit configured to determine whether the non-executable file is malicious depending on whether the execution address is not within the normal address range information.
35 Citations
20 Claims
-
1. An apparatus for detecting a malicious file, comprising:
-
a program driving unit configured to output an execution address of a command executed by driving a program corresponding to a non-executable file; an address storage unit configured to store normal address range information in accordance with the driving of the program; and a maliciousness determination unit configured to determine whether the non-executable file is malicious depending on whether the execution address is not within the normal address range information. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A method for detecting a malicious file comprising:
-
obtaining an execution address of a command executed during driving of a program corresponding to a non-executable file; storing normal address range information in accordance with the driving of the program; and determining, when the obtained execution address is not included in the normal address range information, whether the non-executable file is malicious. - View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
-
Specification