MALWARE DETECTION USING A DIGITAL CERTIFICATE

US 20160378983A1
Filed: 06/27/2015
Published: 12/29/2016
Est. Priority Date: 06/27/2015
Status: Active Grant

First Claim

Patent Images

1. At least one machine readable medium comprising one or more instructions that when executed by at least one processor, cause the at least one processor to:

analyze data related to a digital certificate; and

assign a reputation to the digital certificate, wherein the reputation includes an indication if the data related to the digital certificate is proper.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Particular embodiments described herein provide for an electronic device that can be configured to analyze data related to a digital certificate and assign a reputation to the digital certificate, where the reputation includes an indication if the data is proper. The analysis of the data can include determining if code signing for the digital certificate matches binary code for the digital certificate, if the digital certificate has been grafted to the data by modifying a portable executable file header, or the digital certificate is the same as another trusted digital certificate associated with different data.

18 Citations

View as Search Results

20 Claims

1. At least one machine readable medium comprising one or more instructions that when executed by at least one processor, cause the at least one processor to:
- analyze data related to a digital certificate; and
  
  assign a reputation to the digital certificate, wherein the reputation includes an indication if the data related to the digital certificate is proper.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The at least one machine readable medium of claim 1, wherein the analysis of the data includes determining if code signing for the digital certificate matches binary code for the digital certificate.
  - 3. The at least one machine readable medium of claim 2, wherein the code signing is Authenticode.
  - 4. The at least one machine readable medium of claim 1, wherein the analysis of the data includes determining if the digital certificate has been grafted to the data by modifying a portable executable file header.
  - 5. The at least one machine readable medium of claim 4, wherein the analysis of the data includes determining the digital certificate is the same as another trusted digital certificate associated with different data.
  - 6. The at least one machine readable medium of claim 4, wherein a file is classified as untrusted if the analysis of the data related to the digital certificate indicates that the data related to the digital certificate is improper.

7. An apparatus comprising:
- a digital certificate validation module configured to;
  
  identify a file that includes a digital certificate and data related to the digital certificate;
  
  analyze the data related to the digital certificate; and
  
  assign a reputation to the file, wherein the reputation includes an indication if the data related to the digital certificate is proper.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The apparatus of claim 7, wherein the analysis of the data related to the digital certificate includes determining if code signing for the digital certificate matches binary code for the digital certificate.
  - 9. The apparatus of claim 8, wherein the code signing is Authenticode.
  - 10. The apparatus of claim 9, wherein the analysis of the data related to the digital certificate includes determining if the has been grafted to the data by modifying a portable executable file header.
  - 11. The apparatus of claim 7, wherein the analysis of the data related to the digital certificate includes determining if the digital certificate is the same as another trusted digital certificate associated with different data.
  - 12. The apparatus of claim 7, wherein the file is classified as untrusted if the analysis of the data related to the digital certificate indicates that the data is improper.

13. A method comprising:
- analyzing data related to a digital certificate; and
  
  assigning a reputation to the digital certificate, wherein the reputation includes an indication if the data related to the digital certificate is proper.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The method of claim 13, wherein the analysis of the data includes determining if code signing for the digital certificate matches binary code for the digital certificate.
  - 15. The method of claim 14, wherein the code signing is Authenticode.
  - 16. The method of claim 13, wherein the analysis of the data includes determining if the digital certificate has been grafted to the data by modifying a portable executable file header.
  - 17. The method of claim 13, wherein the analysis of the data includes determining the digital certificate is the same as another trusted digital certificate associated with different data.

18. A system for malware detection using a digital certificate, the system comprising:
- a digital certificate validation module configured for;
  
  identifying data related to a digital certificate;
  
  analyzing the data related to the digital certificate; and
  
  assigning a reputation to the digital certificate, wherein the reputation includes an indication if the data related to the digital certificate is proper.
- View Dependent Claims (19, 20)
- - 19. The system of claim 18, wherein the analysis of the data includes determining if code signing for the digital certificate matches binary code for the digital certificate.
  - 20. The system of claim 18, wherein the analysis of the data includes determining if the digital certificate has been grafted to the data by modifying a portable executable file header.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
Spurlock, Joel R., Venugopalan, Ramnath

Granted Patent

US 10,642,976 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/563 by source code analysis

G06F 21/567 using dedicated hardware

MALWARE DETECTION USING A DIGITAL CERTIFICATE

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

18 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

MALWARE DETECTION USING A DIGITAL CERTIFICATE

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

18 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links