CN101989322B - Method and system for automatically extracting memory features of malicious code - Google Patents
Method and system for automatically extracting memory features of malicious code
- Publication number: CN101989322B (application number CN2010105512703A)
- Authority: CN (China)
- Prior art keywords: dump, characteristic, malicious code, thread, file
- Prior art date
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Landscapes
- Debugging And Monitoring (AREA)
Abstract
Description
Claims (10)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2010105512703A CN101989322B (zh) | 2010-11-19 | 2010-11-19 | Method and system for automatically extracting memory features of malicious code |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2010105512703A CN101989322B (zh) | 2010-11-19 | 2010-11-19 | Method and system for automatically extracting memory features of malicious code |
Publications (2)
Publication Number | Publication Date |
---|---|
CN101989322A CN101989322A (zh) | 2011-03-23 |
CN101989322B true CN101989322B (zh) | 2012-11-21 |
Family
ID=43745854
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN2010105512703A Active CN101989322B (zh) | Method and system for automatically extracting memory features of malicious code | 2010-11-19 | 2010-11-19 |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN101989322B (zh) |
Families Citing this family (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9286182B2 (en) * | 2011-06-17 | 2016-03-15 | Microsoft Technology Licensing, Llc | Virtual machine snapshotting and analysis |
CN102819697B (zh) * | 2011-12-26 | 2015-07-22 | 哈尔滨安天科技股份有限公司 | Multi-platform malicious code detection method and system based on thread decompilation |
CN103294950B (zh) * | 2012-11-29 | 2016-07-06 | 北京安天电子设备有限公司 | Method and system for detecting high-threat data-stealing malicious code based on backtracking |
CN108717509B (zh) * | 2018-06-05 | 2020-06-23 | 厦门安胜网络科技有限公司 | Method, apparatus, device and readable medium for extracting program derivatives in a sandbox |
CN111563000B (zh) * | 2020-04-28 | 2023-08-18 | 深圳市震有软件科技有限公司 | File generation method, intelligent terminal and storage medium |
CN112560018B (zh) * | 2020-12-23 | 2023-10-31 | 苏州三六零智能安全科技有限公司 | Sample file detection method, apparatus, terminal device and storage medium |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101645119A (zh) * | 2008-08-07 | 2010-02-10 | 中国科学院软件研究所 | Method and system for automatic analysis of malicious code based on a virtual hardware environment |
CN101685483A (zh) * | 2008-09-22 | 2010-03-31 | 成都市华为赛门铁克科技有限公司 | Method and apparatus for extracting virus signatures |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7370360B2 (en) * | 2002-05-13 | 2008-05-06 | International Business Machines Corporation | Computer immune system and method for detecting unwanted code in a P-code or partially compiled native-code program executing within a virtual machine |
Family Events
- 2010-11-19: CN CN2010105512703A patent/CN101989322B/zh active Active
Also Published As
Publication number | Publication date |
---|---|
CN101989322A (zh) | 2011-03-23 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN101989322B (zh) | | Method and system for automatically extracting memory features of malicious code |
US10705748B2 (en) | | Method and device for file name identification and file cleaning |
CN112866023B (zh) | | Network detection and model training method, apparatus, device and storage medium |
CN110765770A (zh) | | Method and apparatus for automatic contract generation |
US11328061B2 (en) | | System and method of inspecting archive slices for malware |
CN106294222A (zh) | | Method and apparatus for determining the correspondence between PCIe devices and slots |
CN104700033A (zh) | | Virus detection method and apparatus |
CN103092664A (zh) | | Method and apparatus for processing data files of an Android system |
CN103699585A (zh) | | Method, apparatus and system for file metadata storage and file recovery |
CN104978521A (zh) | | Method and system for labeling malicious code |
CN105205397A (zh) | | Malicious program sample classification method and apparatus |
CN108256329B (zh) | | Fine-grained RAT program detection method and system based on dynamic behavior, and corresponding APT attack detection method |
US20220335019A1 (en) | | Incremental transfer of database segments |
US8341538B1 (en) | | Systems and methods for reducing redundancies in quality-assurance reviews of graphical user interfaces |
CN103714269A (zh) | | Virus identification method and device |
US11423099B2 (en) | | Classification apparatus, classification method, and classification program |
CN114037912A (zh) | | Change detection method and apparatus for remote sensing images, and computer-readable storage medium |
CN108229168B (zh) | | Heuristic detection method, system and storage medium for nested files |
CN107844515B (zh) | | Data compliance checking method and apparatus |
CN104182479A (zh) | | Information processing method and apparatus |
CN114116811B (zh) | | Log processing method, apparatus, device and storage medium |
CN115795466A (zh) | | Malware organization identification method and device |
CN105844176B (zh) | | Security policy generation method and device |
CN104750846A (zh) | | Substring search method and apparatus |
CN104991963B (zh) | | File processing method and apparatus |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| C06 | Publication | |
| PB01 | Publication | |
| C10 | Entry into substantive examination | |
| SE01 | Entry into force of request for substantive examination | |
| C14 | Grant of patent or utility model | |
| GR01 | Patent grant | |
| C56 | Change in the name or address of the patentee | |
| CP02 | Change in the address of a patent holder | Address after: 100190 Zhongguancun Haidian District street, No. 14, layer, 1 1415-16. Patentee after: Beijing Antiy Electronic Installation Co., Ltd. Address before: 100085, 2B-521, bright city, No. 1, Nongda South Road, Beijing, Haidian District. Patentee before: Beijing Antiy Electronic Installation Co., Ltd. |
| CP03 | Change of name, title or address | Address after: 100190 Beijing city Haidian District minzhuang Road No. 3, Tsinghua Science Park Building 1 Yuquan Huigu a. Patentee after: Beijing ahtech network Safe Technology Ltd. Address before: 100190 Zhongguancun Haidian District street, No. 14, layer, 1 1415-16. Patentee before: Beijing Antiy Electronic Installation Co., Ltd. |
| PE01 | Entry into force of the registration of the contract for pledge of patent right | Denomination of invention: Method and system for automatically extracting memory features of malicious code. Effective date of registration: 20181119. Granted publication date: 20121121. Pledgee: Shanghai Pudong Development Bank Limited by Share Ltd Harbin branch. Pledgor: Beijing ahtech network Safe Technology Ltd. Registration number: 2018990001084 |
| PC01 | Cancellation of the registration of the contract for pledge of patent right | Date of cancellation: 20200508. Granted publication date: 20121121. Pledgee: Shanghai Pudong Development Bank Limited by Share Ltd Harbin branch. Pledgor: BEIJING ANTIY NETWORK TECHNOLOGY Co.,Ltd. Registration number: 2018990001084 |