Malware data item analysis

  • US 9,785,773 B2
  • Filed: 03/25/2015
  • Issued: 10/10/2017
  • Est. Priority Date: 07/03/2014
  • Status: Active Grant
First Claim

1. A computer system comprising:

  • one or more computer readable storage devices configured to store:

    a plurality of computer executable instructions; and

    a plurality of data items each associated with at least one respective submission event, each submission event indicating at least one of:

    a date the associated data item was submitted, or

    an identifier of a person who submitted the associated data item,

    wherein:

    the plurality of data items include at least a first data item representing a suspected malware file,

    the first data item is associated with a first submission event, and

    the first data item is further associated with a plurality of analysis information items from an analysis of the first data item, wherein the plurality of analysis information items includes at least one of:

    a payload associated with the first data item, academic analysis information associated with the first data item, file execution information associated with the first data item, third-party analysis information associated with the first data item, a hash of the first data item, a size of the first data item, or a file property associated with the first data item, and

  • one or more hardware computer processors in communication with the one or more computer readable storage devices and configured to execute the plurality of computer executable instructions in order to cause the one or more hardware computer processors to:

    receive, via an upload or transmission to the computer system, a second data item, the second data item representing a suspected malware file;

    perform an analysis of the second data item to determine one or more characteristics associated with the second data item;

    compare at least a first characteristic associated with the second data item with a corresponding first characteristic associated with the first data item;

    determine, based at least in part on comparing the first characteristic and the corresponding first characteristic, that the second data item and the first data item match;

    in response to determining that the second data item and the first data item match:

    associate a second submission event with the first data item, the second submission event being different from the first submission event; and

    generate a displayable notification that the second data item was previously received, wherein the displayable notification includes an indication of the first submission event associated with the first data item representing a suspected malware file; and

    generate a user interface including one or more user selectable portions presenting at least:

    one or more of the analysis information items associated with the first data item, and information regarding the first submission event associated with the first data item.
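
The receive, analyze, compare, match and notify sequence recited above can be illustrated with a short sketch. This is an added example, not code from the patent or its assignee. It assumes SHA-256 as the compared characteristic (the claim lists "a hash" among the analysis information items), and the class names, submitter identifiers and sample bytes are hypothetical.

```python
import hashlib
from dataclasses import dataclass, field
from datetime import date


@dataclass(frozen=True)
class SubmissionEvent:
    submitted_on: date   # "a date the associated data item was submitted"
    submitter: str       # "an identifier of a person who submitted" it


@dataclass
class DataItem:
    sha256: str                                    # characteristic used for matching
    size: int                                      # analysis information item
    events: list = field(default_factory=list)     # all submission events
    analysis: dict = field(default_factory=dict)   # other analysis information items


class MalwareRepository:
    """Hypothetical in-memory store keyed by SHA-256 (an assumed characteristic)."""

    def __init__(self):
        self._items = {}

    def submit(self, content: bytes, submitter: str, when: date):
        """Analyse an upload, match it against stored items, record the event.

        Returns (item, notification); notification is None for a first-time item.
        """
        digest = hashlib.sha256(content).hexdigest()   # analysis of the upload
        event = SubmissionEvent(when, submitter)
        item = self._items.get(digest)                 # compare characteristics
        if item is None:
            item = DataItem(digest, len(content), [event])
            self._items[digest] = item
            return item, None
        first = item.events[0]
        item.events.append(event)                      # associate the new event
        note = (f"Previously received: first submitted {first.submitted_on.isoformat()} "
                f"by {first.submitter} ({len(item.events)} submissions total)")
        return item, note


# Constructed sample bytes, not a real malware file.
SAMPLE = b"MZ\x90\x00constructed-sample-for-illustration"
repo = MalwareRepository()
repo.submit(SAMPLE, "analyst-a", date(2015, 3, 1))
item, note = repo.submit(SAMPLE, "analyst-b", date(2015, 3, 25))
print(note)
```

The second submission does not create a new record: it appends a second submission event to the stored item and returns a notification carrying the first event, which is the deduplication behaviour an analyst would see.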
