System and method for detecting malicious code in random access memory

  • US 9,407,648 B1
  • Filed: 11/25/2015
  • Issued: 08/02/2016
  • Est. Priority Date: 06/30/2015
  • Status: Active Grant
First Claim

1. A method for detection of malware on a computer, the method comprising:

  • detecting, by a hardware processor, a process of an untrusted program on the computer;

  • identifying, by the hardware processor, function calls made by the process of the untrusted program, including inter-process function calls made by the process to a destination process;

  • collecting, by the hardware processor, information about the untrusted program;

  • applying, by the hardware processor, heuristic rules to information about the identified function calls and the information about the untrusted program to determine whether to perform malware analysis of a code in an address space of the destination process that was subject of an inter-process function call made by the process of the untrusted program; and

  • when it is determined to perform malware analysis, analyzing the code in an address space of the destination process that was subject of the inter-process function call made by the process of the untrusted program using antivirus software executable by the hardware processor.
