
Confirming a malware infection on a client device using a remote access connection tool, to identify a malicious file based on fuzzy hashes

  • US 9,953,164 B2
  • Filed: 03/09/2017
  • Issued: 04/24/2018
  • Est. Priority Date: 03/31/2015
  • Status: Active Grant
First Claim

1. A device, comprising:

  • one or more memories; and

    one or more processors to:

    receive a trigger to determine whether one or more client devices, of a set of client devices, are infected by a malicious file;

    generate a first set of hashes based on executing the malicious file in a testing environment and receiving the trigger to determine whether one or more client devices, of the set of client devices, are infected by the malicious file;

    obtain information, associated with the one or more client devices and based on receiving the trigger, to determine whether the one or more client devices are infected by the malicious file, the information indicating at least one process running on the one or more client devices;

    generate one or more second sets of hashes associated with each of the one or more client devices, respectively, based on the at least one process running on the one or more client devices;

    generate a plurality of similarity scores, each of the plurality of similarity scores indicating a measure of similarity between the first set of hashes generated based on executing the malicious file in the testing environment and each of the one or more second sets of hashes generated based on the at least one process running on the one or more client devices;

    determine, based on the plurality of similarity scores, that at least one of the one or more client devices is infected by the malicious file; and

    provide information indicating that the at least one of the one or more client devices is infected by the malicious file.
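
The comparison the claim describes, sketched as an added example that is not taken from the patent: a first set of hashes from a sandbox run is scored against a second set built from each client device's process data. The shingle-set hash and Jaccard score are stand-ins for a real fuzzy-hash algorithm, and the threshold, function names, host names and sample strings are all assumptions constructed for illustration.

```python
import hashlib

SHINGLE = 5      # window size in bytes (assumed parameter)
THRESHOLD = 0.5  # assumed cut-off score for reporting a device as infected

def fuzzy_hash(data: bytes) -> frozenset:
    """Stand-in fuzzy hash: truncated SHA-256 of every overlapping window,
    so a small edit to the input changes only a few elements."""
    last = max(1, len(data) - SHINGLE + 1)
    return frozenset(hashlib.sha256(data[i:i + SHINGLE]).digest()[:8]
                     for i in range(last))

def similarity(a: frozenset, b: frozenset) -> float:
    """Jaccard similarity of two fuzzy hashes, from 0.0 to 1.0."""
    return len(a & b) / len(a | b)

def device_score(first_set, second_set) -> float:
    """Mean over the sandbox hashes of the best match among a device's hashes."""
    if not first_set or not second_set:
        return 0.0
    best = [max(similarity(f, s) for s in second_set) for f in first_set]
    return sum(best) / len(best)

def find_infected(sandbox_artifacts, devices, threshold=THRESHOLD):
    """Return (score per device, sorted names of devices at or above threshold)."""
    first_set = [fuzzy_hash(a) for a in sandbox_artifacts]
    scores = {name: device_score(first_set, [fuzzy_hash(p) for p in procs])
              for name, procs in devices.items()}
    return scores, sorted(n for n, s in scores.items() if s >= threshold)

# Constructed sample data: strings a sandbox run might record, and process
# data a remote access tool might return from two client devices.
SANDBOX = [b"sample-malware-v1 config=alpha beacon=203.0.113.7:8443 sleep=60",
           b"stage2 mutex=xq-7781 path=/tmp/.cache/stage2.bin"]
DEVICES = {
    "host-a": [b"chrome.exe --type=renderer --lang=en-US",
               b"svchost.exe -k netsvcs -p"],
    "host-b": [b"explorer.exe",
               b"sample-malware-v1 config=bravo beacon=203.0.113.7:8443 sleep=90",
               b"stage2 mutex=xq-7781 path=/tmp/.cache/stage2.bin"],
}

if __name__ == "__main__":
    scores, infected = find_infected(SANDBOX, DEVICES)
    print(scores, infected)
```

The variant on host-b differs from the sandbox artifact in its configuration values, so an exact hash would miss it while the similarity score stays above the threshold.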
