MITIGATION OF ANTI-SANDBOX MALWARE TECHNIQUES
Abstract
Static analysis is applied to unrecognized software objects in order to identify and address potential anti-sandboxing techniques. Where static analysis suggests the presence of any such corresponding code, the software object may be forwarded to a sandbox for further analysis. In another aspect, multiple types of sandboxes may be provided, with the type being selected according to the type of exploit suggested by the static analysis.
20 Claims
1. A method comprising:
- performing a static analysis of a sample of a software object using one or more signatures of one or more known malware objects; and
- when the static analysis identifies one of the one or more known malware objects, selecting a sandbox environment from among a plurality of available sandbox environments to process the software object for malware testing.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A computer program product comprising computer executable code embodied in a non-transitory computer readable medium that, when executing on one or more computing devices, performs the steps of:
- performing a static analysis of a sample of a software object using one or more signatures of one or more known malware objects; and
- when the static analysis identifies one of the one or more known malware objects, selecting a sandbox environment from among a plurality of available sandbox environments to process the software object for malware testing.
Dependent claims: 9, 10, 11, 12, 13, 14, 15
16. A system comprising:
- a computing device coupled to a network;
- a processor; and
- a memory bearing computer executable code configured to be executed by the processor to cause the computing device to perform the steps of:
  - performing a static analysis of a sample of a software object using one or more signatures of one or more known malware objects; and
  - when the static analysis identifies one of the known malware objects, selecting a sandbox environment from among a plurality of available sandbox environments to process the software object for malware testing.
Dependent claims: 17, 18, 19, 20
Specification