Mitigation of anti-sandbox malware techniques
Abstract
Static analysis is applied to unrecognized software objects in order to identify and address potential anti-sandboxing techniques. Where static analysis suggests the presence of any such corresponding code, the software object may be forwarded to a sandbox for further analysis. In another aspect, multiple types of sandboxes may be provided, with the type being selected according to the type of exploit suggested by the static analysis.
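The selection step described in the abstract and in claim 1, as an added example that is not code from the patent. The signature strings, the `Sandbox` pool, the least-queued tie-break, routing clean samples to a VM, and failing closed when no hardware sandbox exists are all assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed, illustrative signatures of anti-sandbox components: names a
# sample may probe for to detect a virtualized analysis host. These are
# assumptions for this example, not signatures taken from the patent.
ANTI_SANDBOX_SIGNATURES = {
    "vbox_guest_service": b"VBoxService.exe",
    "vmware_tools_daemon": b"vmtoolsd.exe",
    "sandboxie_module": b"SbieDll.dll",
}

@dataclass
class Sandbox:
    name: str
    kind: str    # "hardware" (dedicated machine) or "vm"
    queued: int  # samples already waiting on this sandbox

def static_analysis(sample: bytes) -> list[str]:
    """Return names of signatures found, matching ASCII or UTF-16LE, any case."""
    haystack = sample.lower()
    hits = []
    for name, sig in ANTI_SANDBOX_SIGNATURES.items():
        ascii_sig = sig.lower()
        wide_sig = ascii_sig.decode("ascii").encode("utf-16-le")
        if ascii_sig in haystack or wide_sig in haystack:
            hits.append(name)
    return hits

def select_sandbox(sample: bytes, pool: list[Sandbox]) -> tuple[Sandbox, list[str]]:
    """Choose a hardware sandbox when an anti-sandbox component is identified."""
    hits = static_analysis(sample)
    wanted = "hardware" if hits else "vm"  # assumption: clean samples go to a VM
    candidates = [s for s in pool if s.kind == wanted]
    if not candidates:
        # Assumption: fail closed instead of detonating an evasive sample in a VM.
        raise LookupError(f"no {wanted} sandbox available")
    return min(candidates, key=lambda s: s.queued), hits

# Constructed sample inputs (not real malware) and a constructed sandbox pool.
POOL = [Sandbox("bare-metal-1", "hardware", 3), Sandbox("bare-metal-2", "hardware", 1),
        Sandbox("vm-1", "vm", 0), Sandbox("vm-2", "vm", 5)]
EVASIVE = b"MZ\x90\x00" + b"\x00" * 16 + "VMTOOLSD.EXE".encode("utf-16-le")
BENIGN = b"MZ\x90\x00 ordinary installer strings"

if __name__ == "__main__":
    for label, sample in (("evasive", EVASIVE), ("benign", BENIGN)):
        box, hits = select_sandbox(sample, POOL)
        print(label, "->", box.name, hits)
```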
18 Claims
1. A method comprising:
- providing a plurality of available sandbox environments including at least one dedicated hardware sandbox environment and at least one virtual machine sandbox environment;
- performing a static analysis of a sample of a software object using one or more signatures of one or more known malware objects; and
- when the static analysis identifies an anti-sandbox component, selecting a dedicated hardware sandbox environment from among the plurality of available sandbox environments to process the software object for malware testing.
Dependent claims: 2, 3, 4, 5, 6.
7. A computer program product comprising computer executable code embodied in a non-transitory computer readable medium that, when executing on one or more computing devices, performs the steps of:
- providing a plurality of available sandbox environments including at least one dedicated hardware sandbox environment and at least one virtual machine sandbox environment;
- performing a static analysis of a sample of a software object using one or more signatures of one or more known malware objects; and
- when the static analysis identifies an anti-sandbox component, selecting a dedicated hardware sandbox environment from among the plurality of available sandbox environments to process the software object for malware testing.
Dependent claims: 8, 9, 10, 11, 12, 13.
14. A system comprising:
- a computing device coupled to a network;
- a processor; and
- a memory bearing computer executable code configured to be executed by the processor to cause the computing device to perform the steps of
  - performing a static analysis of a sample of a software object using one or more signatures of one or more known malware objects; and
  - when the static analysis identifies an anti-sandbox component, selecting a dedicated hardware sandbox environment from among a plurality of available sandbox environments including the dedicated hardware sandbox environment and one or more software sandbox environments to process the software object for malware testing.
Dependent claims: 15, 16, 17, 18.
Specification