
System and method for scanning obfuscated files for pestware

  • US 7,349,931 B2
  • Filed: 04/14/2005
  • Issued: 03/25/2008
  • Est. Priority Date: 04/14/2005
  • Status: Active Grant
First Claim

1. A method for scanning files on a protected computer for pestware comprising:

  • scanning a plurality of files in at least one file storage device of the protected computer;

    identifying an obfuscated file from among the plurality of files in the at least one file storage device, wherein one or more potential pestware processes running in memory are associated with the obfuscated file;

    analyzing the obfuscated file so as to identify, from among a plurality of processes running in the memory, the one or more potential pestware processes running in memory that are associated with the obfuscated file;

    retrieving information from at least one of the one or more potential pestware processes running in memory; and

    analyzing the information from the at least one of the one or more potential pestware processes running in memory so as to determine whether the one or more potential pestware processes running in memory is pestware, wherein the analyzing the obfuscated file includes running the obfuscated file in a simulation mode and scanning through the obfuscated file while it is being run in the simulation mode so as to obtain a start address of the one or more potential pestware processes running in memory that are associated with the obfuscated file, and wherein the analyzing the obfuscated file includes identifying a start address of the one or more potential pestware processes by identifying one or more contextual jumps in the obfuscated file as it is being run in the simulation mode.

  • 9 Assignments