LAUNCHER FOR SETTING ANALYSIS ENVIRONMENT VARIATIONS FOR MALWARE DETECTION
Abstract
A system and method for automatically analyzing an object for malware is described. Operating one or more virtual machines, the system and method provide an analysis environment variation framework that yields a more robust analysis of an object for malware. The multi-application, multi-plug-in processing framework is configured within a virtual machine, where the framework generates a plurality of processes for analyzing the object for malware, and each of the plurality of processes is configured with a different application and plug-in combination selected based in part on the type of object being analyzed.
20 Claims
1. A system for automatically analyzing an object for malware, the system comprising:
   one or more hardware processors; and
   a memory coupled to the one or more hardware processors, the memory comprising software components that, when executed by the one or more hardware processors, generate one or more virtual machines, at least a first virtual machine of the one or more virtual machines including launcher logic that, upon execution, configures a processing framework that includes a plurality of processes for analyzing the object for malware, wherein the launcher logic configures each of the plurality of processes with different application and plug-in combinations based on a type of object being analyzed and received configuration data identifying a prescribed order of execution on an application basis and a plug-in basis.
   Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10.

11. A non-transitory storage medium including software that, when executed by one or more hardware processors, performs operations for automatically analyzing an object for malware, the non-transitory storage medium comprising:
   a first software component that, when executed by the one or more hardware processors, generates one or more virtual machines; and
   launcher logic of at least a first virtual machine of the one or more virtual machines that, upon execution, configures a processing framework that includes a plurality of processes for analyzing the object for malware, each of the plurality of processes being configured with different application and plug-in combinations that are selected based on a type of object being analyzed and received configuration data identifying a prescribed order of execution on an application basis and a plug-in basis.
   Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19.

20. A computerized method for automatically analyzing an object for malware, comprising:
   running a virtual machine within an electronic device; and
   analyzing an object being processed within the virtual machine for malware by a plurality of processes associated with a processing framework, each of the plurality of processes being configured with different application and plug-in combinations that are selected based on both a type of object being analyzed and received configuration data identifying a prescribed order of execution on an application basis and a plug-in basis, the received configuration data comprising a priority list identifying a selected plug-in ordering for analysis of a selected type and version of the application.
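As an added example, not code from the patent or from any product it covers, the following Python sketch shows how launcher logic of the kind claimed above could turn received configuration data into the prescribed process order: applications ordered per object type, and plug-ins ordered by a per-application priority list, with every process receiving a distinct application/plug-in combination. The object types, application and plug-in names, and the prefix-combination scheme are assumptions of this example.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed configuration data for this example (not from the patent): per object type,
# the applications in prescribed execution order and, per application/version, a priority
# list giving the plug-in order. Application and plug-in names are hypothetical.
CONFIG: Dict[str, dict] = {
    "pdf": {
        "applications": [("pdf_reader", "11.0"), ("pdf_reader", "9.0"), ("browser", "45")],
        "plugins": {
            ("pdf_reader", "11.0"): ["javascript", "flash"],
            ("pdf_reader", "9.0"): ["javascript"],
            ("browser", "45"): ["pdf_viewer", "flash"],
        },
    },
    "docx": {
        "applications": [("word_processor", "2013")],
        "plugins": {("word_processor", "2013"): ["macros", "ole"]},
    },
}

@dataclass(frozen=True)
class ProcessConfig:
    application: str
    version: str
    plugins: Tuple[str, ...]  # plug-ins enabled in this analysis process, in load order

def plan_processes(object_type: str, config: Dict[str, dict] = CONFIG) -> List[ProcessConfig]:
    """Analysis processes the launcher starts for one object, in prescribed order.
    Applications run in configured order; within an application the first process has no
    plug-ins and each next one adds the next plug-in from the priority list (prefix
    combinations are this example's choice, bounding the count to len(plugins)+1 per app)."""
    try:
        type_cfg = config[object_type.lower()]
    except KeyError:
        raise ValueError(f"no analysis configuration for object type {object_type!r}")
    plan: List[ProcessConfig] = []
    for app, version in type_cfg["applications"]:
        priority = type_cfg["plugins"].get((app, version), [])
        for n in range(len(priority) + 1):
            cfg = ProcessConfig(app, version, tuple(priority[:n]))
            if cfg not in plan:  # each process gets a distinct application/plug-in combination
                plan.append(cfg)
    return plan

def execution_order(object_type: str) -> List[str]:
    """The plan as readable lines, e.g. 'pdf_reader 11.0 [javascript+flash]'."""
    return [f"{p.application} {p.version} [{'+'.join(p.plugins) or 'none'}]"
            for p in plan_processes(object_type)]
```

In a real deployment each ProcessConfig would be handed to the virtual machine to start the named application version with exactly those plug-ins loaded; here the planner only computes the order so the variation logic can be checked in isolation.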
Specification