Systems and methods for analyzing PDF documents
First Claim
1. A system comprising:
- a hardware processor; and
- a memory device coupled to the processor, the memory device comprises
  - a parser that, when executed by the hardware processor, examines one or more portions of a Portable Document Format (PDF) document to determine if one or more suspicious characteristics indicative of malicious network content are included in the one or more examined portions of the PDF document, wherein the one or more examined portions of the PDF document comprise less than an entirety of the PDF document, and
  - one or more virtual machines to receive the PDF document in response to the one or more examined portions of the PDF document being determined to include one or more suspicious characteristics indicative of malicious network content, the one or more virtual machines to process at least the one or more examined portions of the PDF document so as to determine whether the PDF document includes malicious network content.
Abstract
A system and method for detecting malicious activity within a Portable Document Format (PDF) document. The system includes a parser and one or more virtual machines. The parser, when executed by a hardware processor, examines one or more portions of the PDF document to determine if one or more suspicious characteristics indicative of malicious network content are included in the one or more examined portions of the PDF document. The examined portion(s) in total are less than an entirety of the PDF document. The virtual machine(s) are adapted to receive the PDF document in response to the one or more examined portions of the PDF document being determined to include one or more suspicious characteristics indicative of malicious network content. The virtual machine(s) process at least the one or more examined portions of the PDF document so as to determine whether the PDF document includes malicious network content.
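The two-stage flow in the abstract, as an added example that is not code from the patent or its assignee: a static parser reads only the parts of a PDF outside stream bodies and flags the document for virtual-machine analysis when it finds suspicious names. The indicator list, the choice to skip stream bodies, the sample documents and all function names are assumptions made for illustration.

```python
import re
from dataclasses import dataclass, field

# Assumed indicator set (not taken from the patent): PDF name objects that
# static triage tools commonly treat as suspicious.
SUSPICIOUS_NAMES = {b"/JavaScript", b"/JS", b"/OpenAction", b"/AA", b"/Launch", b"/EmbeddedFile"}
STREAM_BODY = re.compile(rb"stream\r?\n.*?endstream", re.DOTALL)
NAME_TOKEN = re.compile(rb"/[^\s/<>\[\]()%{}]+")
HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")  # PDF names may hide letters as #xx

# Constructed samples, embedded so the example runs offline.
SAMPLE_SUSPICIOUS = (
    b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog /OpenAction 2 0 R >>\nendobj\n"
    b"2 0 obj\n<< /S /J#61vaScript /JS 3 0 R >>\nendobj\n"
    b"3 0 obj\n<< /Length 16 >>\nstream\nAAAAAAAAAAAAAAAA\nendstream\nendobj\n%%EOF\n"
)
SAMPLE_BENIGN = (
    b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
    b"2 0 obj\n<< /Length 26 >>\nstream\n(text mentioning /JS here)\nendstream\nendobj\n%%EOF\n"
)

@dataclass
class Triage:
    total_bytes: int
    examined_bytes: int
    hits: dict = field(default_factory=dict)

    @property
    def forward_to_vm(self) -> bool:
        # Any suspicious characteristic sends the whole document to dynamic analysis.
        return bool(self.hits)

def examined_portions(pdf: bytes) -> bytes:
    # Keep header, object dictionaries and trailer; drop stream payloads, so
    # the parser reads less than the entire document.
    return STREAM_BODY.sub(b"stream\nendstream", pdf)

def triage(pdf: bytes) -> Triage:
    portion = examined_portions(pdf)
    result = Triage(total_bytes=len(pdf), examined_bytes=len(portion))
    for token in NAME_TOKEN.findall(portion):
        # Decode #xx escapes before matching, so /J#61vaScript counts as /JavaScript.
        name = HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), token)
        if name in SUSPICIOUS_NAMES:
            result.hits[name.decode()] = result.hits.get(name.decode(), 0) + 1
    return result

if __name__ == "__main__":
    for label, doc in (("suspicious", SAMPLE_SUSPICIOUS), ("benign", SAMPLE_BENIGN)):
        print(label, triage(doc))
```

Because stream bodies are skipped, indicators stored only inside compressed streams are invisible to this filter; it decides what to send for virtual-machine analysis, not whether a document is malicious.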
61 Claims
1. A system comprising:

a hardware processor; and a memory device coupled to the processor, the memory device comprises a parser that, when executed by the hardware processor, examines one or more portions of a Portable Document Format (PDF) document to determine if one or more suspicious characteristics indicative of malicious network content are included in the one or more examined portions of the PDF document, wherein the one or more examined portions of the PDF document comprise less than an entirety of the PDF document, and one or more virtual machines to receive the PDF document in response to the one or more examined portions of the PDF document being determined to include one or more suspicious characteristics indicative of malicious network content, the one or more virtual machines to process at least the one or more examined portions of the PDF document so as to determine whether the PDF document includes malicious network content.

Dependent claims: 2–27

28. A non-transitory computer readable storage medium storing software that, upon execution by a processor, detects malware within a Portable Document Format (PDF) document, the non-transitory computer readable storage medium comprising:

a parser that, when executed by the processor, examines one or more portions of the PDF document to determine if one or more suspicious characteristics indicative of malicious network content are included in the one or more examined portions of the PDF document, wherein the one or more examined portions of the PDF document comprise less than an entirety of the PDF document, and one or more virtual machines to receive the PDF document in response to the one or more examined portions of the PDF document being determined to include one or more suspicious characteristics indicative of malicious network content, the one or more virtual machines to process at least the one or more examined portions of the PDF document so as to determine whether the PDF document includes malicious network content.

Dependent claims: 29–46

47. A computerized method, comprising:

examining, by a parser executed by a hardware processor, one or more portions of a Portable Document Format (PDF) document to determine if one or more suspicious characteristics indicative of malicious network content are included in the one or more examined portions of the PDF document, wherein the one or more examined portions of the PDF document comprise less than an entirety of the PDF document, and upon the one or more examined portions of the PDF document being determined to include one or more suspicious characteristics indicative of malicious network content, receiving the PDF document by one or more virtual machines to process at least the one or more examined portions of the PDF document so as to determine whether the PDF document includes malicious network content.

Dependent claims: 48–61

Specification