CN108229168A - A kind of Heuristic detection method, system and the storage medium of nesting class file - Google Patents
A kind of Heuristic detection method, system and the storage medium of nesting class file Download PDFInfo
- Publication number
- CN108229168A CN108229168A CN201711489577.3A CN201711489577A CN108229168A CN 108229168 A CN108229168 A CN 108229168A CN 201711489577 A CN201711489577 A CN 201711489577A CN 108229168 A CN108229168 A CN 108229168A
- Authority
- CN
- China
- Prior art keywords
- class file
- file
- malicious
- nested
- successful match
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/24—Querying
- G06F16/245—Query processing
- G06F16/2458—Special types of queries, e.g. statistical queries, fuzzy queries or distributed queries
- G06F16/2462—Approximate or statistical queries
Abstract
The present invention proposes a kind of Heuristic detection method, system and the storage medium of nested class file, the method includes:File declustering is carried out to the nested class file of acquisition;The file type split out is obtained, and regularization processing is carried out to file type, is arranged as knowledge data;The knowledge data is matched with knowledge base;If successful match, there is malice in the nesting class file, export testing result, terminate detection;Otherwise malicious analysis is carried out to the nested class file of non-successful match.The present invention does not need to carry out complicated logic analysis; carry out Dynamic Execution script also without virtual environment; but heuristic detection is carried out based on that will generate this property of threat behavior under abnormal environment based on nested class file, it can effectively improve speed, the accuracy of detection.
Description
Technical field
The present invention relates to technical field of network security, more particularly to a kind of Heuristic detection method of nested class file is
System and storage medium.
Background technology
With the update of computer and popularizing for internet, differentiation also occurs accordingly for malicious code, either
All show higher growth trend in quantity or in total class.
Traditional heuristic detection technique is analyzed for sample entity, such as analysis logical construction, virtual environment
Middle Dynamic Execution etc. so as to carry out heuristic detection, but needs to expend a large amount of resource and time, not fast enough, centainly
More wasteful resource in degree.
Invention content
Based on the above problem, the present invention proposes a kind of Heuristic detection method, system and the storage medium of nested class file,
According to nested file type, heuristic detection is carried out, effectively improves the speed of detection.
The present invention realizes by the following method:
A kind of Heuristic detection method of nesting class file, including:
File declustering is carried out to the nested class file of acquisition;
The file type split out is obtained, and regularization processing is carried out to file type, is arranged as knowledge data;
The knowledge data is matched with knowledge base;If successful match, there is malice, output inspection in the nesting class file
It surveys as a result, terminating detection;Otherwise malicious analysis is carried out to the nested class file of non-successful match.
In the method, institute handles file type into brief biography of a deceased person regularization, arranges as knowledge data, specially:It will tear open
The all files type separated is integrated, and merges identical file type, and records the quantity of documents of same file type.
In the method, the knowledge base is, by carrying out Probability to the known nested class file with menace
Nested class file is carried out regularization treated knowledge data and is stored in knowledge base by statistics.
In the method, the nested class file to non-successful match carries out malicious analysis, specially:
The same type nesting class file of a large amount of known testing results is obtained, carries out Probability statistics, if malice is general in statistical result
Rate is more than non-malicious probability, then the nested class file of the non-successful match is malice, otherwise the nesting of the non-successful match
Class file is non-malicious.
In the method, after carrying out malicious analysis to the nested class file of non-successful match, further include:It is if malicious
Analysis result is malicious file, then extracts the knowledge data of nested class file;And by the knowledge data of the nested class file and
Corresponding testing result typing knowledge base.
The present invention also proposes a kind of heuristic detecting system of nested class file, including:
Module is split, file declustering is carried out to the nested class file of acquisition;
Data processing module obtains the file type split out, and carries out regularization processing to file type, arranges as knowledge number
According to;
Matching module matches the knowledge data with knowledge base;If successful match, the nesting class file, which exists, dislikes
Meaning exports testing result, terminates detection;Otherwise enter malicious analysis module;
Malicious analysis module carries out malicious analysis to the nested class file of non-successful match.
In the system, institute handles file type into brief biography of a deceased person regularization, arranges as knowledge data, specially:It will tear open
The all files type separated is integrated, and merges identical file type, and records the quantity of documents of same file type.
In the system, the knowledge base is, by carrying out Probability to the known nested class file with menace
Nested class file is carried out regularization treated knowledge data and is stored in knowledge base by statistics.
In the system, the nested class file to non-successful match carries out malicious analysis, specially:
The same type nesting class file of a large amount of known testing results is obtained, carries out Probability statistics, if malice is general in statistical result
Rate is more than non-malicious probability, then the nested class file of the non-successful match is malice, otherwise the nesting of the non-successful match
Class file is non-malicious.
In the system, after carrying out malicious analysis to the nested class file of non-successful match, further include:It is if malicious
Analysis result is malicious file, then extracts the knowledge data of nested class file;And by the knowledge data of the nested class file and
Corresponding testing result typing knowledge base.
A kind of non-transitorycomputer readable storage medium, is stored thereon with computer program, which is held by processor
The Heuristic detection method of as above any nested class file is realized during row.
The present invention is analyzed not necessarily like traditional heuristic detection technique like that for sample entity, but to its into
The type of the simple file declustering of row, the then each derivative file of extraction, and it is organized into knowledge data, then know with existing
Know library to be matched, successful match then illustrates that the nesting class file has menace, otherwise carries out malicious detection, to malice text
Part carries out knowledge extraction, and extraction is completed directly to enter knowledge base.The present invention is compared to traditional heuristic detection, without carrying out complexity
Logic analysis, it is not required that virtual environment carrys out Dynamic Execution script, but be based on based on nested class file will under abnormal environment
This property of threat behavior is generated to carry out heuristic detection, can effectively improve speed, the accuracy of detection.
Description of the drawings
It, below will be to embodiment or the prior art in order to illustrate more clearly of the present invention or technical solution of the prior art
Attached drawing is briefly described needed in description, it should be apparent that, the accompanying drawings in the following description is only in the present invention
Some embodiments recorded, for those of ordinary skill in the art, without creative efforts, can be with
Other attached drawings are obtained according to these attached drawings.
Fig. 1 is a kind of Heuristic detection method embodiment flow chart of nested class file of the present invention;
Fig. 2 is a kind of heuristic detecting system structure diagram of nested class file of the present invention.
Specific embodiment
In order to which those skilled in the art is made to more fully understand the technical solution in the embodiment of the present invention, and make the present invention's
Above-mentioned purpose, feature and advantage can be more obvious understandable, technical solution in the present invention made below in conjunction with the accompanying drawings further detailed
Thin explanation.
A kind of Heuristic detection method of nesting class file, as shown in Figure 1, including:
S101:File declustering is carried out to the nested class file of acquisition;
S102:Obtain the file type split out;
S103:Regularization processing is carried out to file type, is arranged as knowledge data;
S104:The knowledge data is matched with knowledge base;If successful match, there is malice in the nesting class file,
Testing result is exported, terminates detection;Otherwise malicious analysis is carried out to the nested class file of non-successful match.
In the method, institute handles file type into brief biography of a deceased person regularization, arranges as knowledge data, specially:It will tear open
The all files type separated is integrated, and merges identical file type, and records the quantity of documents of same file type.Example
Such as:The exe files of 32 and 64 are arranged as PE files.Two PE files are existed simultaneously in another nested class file, profit
With being expressed as json data reductions:{“file_type”:"PE”, “num”:2}.
In the method, the knowledge base is, by carrying out Probability to the known nested class file with menace
Nested class file is carried out regularization treated knowledge data and is stored in knowledge base by statistics.
The known nested class file with menace includes but not limited to several:
Macro and PE files exist simultaneously in Office files;
PE, APK file are entrained in Mail;
Nested flash file in pdf document;
Nesting PE files etc. in PE files.
Such as:Office macro is that Microsoft uses for convenience, and a kind of grammer provided is better simply can be with automatic running
Tool, but simultaneously containing macro and for PE files calling in the Office is likely to be then attacker in order to evade needle
The detection macro to office, by using it is macro can the characteristic of automatic running run the PE files of malice, with this complete entirely to attack
Hit behavior.If we carry out heuristic detection using the present invention, then it is prevented that such threatens the generation of event.
In the method, the nested class file to non-successful match carries out malicious analysis, specially:
The same type nesting class file of a large amount of known testing results is obtained, carries out Probability statistics, if malice is general in statistical result
Rate is more than non-malicious probability, then the nested class file of the non-successful match is malice, otherwise the nesting of the non-successful match
Class file is non-malicious.The process is similar to the process for forming knowledge base, and due to the appearance of unknown nested type, knowledge base exists
Can not matched situation, therefore can the mode of probability statistics be carried out by the testing result of the nested file to same type,
Judge the malicious probability of this document, if malicious larger, this document is judged as malice.
In the method, after carrying out malicious analysis to the nested class file of non-successful match, further include:It is if malicious
Analysis result is malicious file, then extracts the knowledge data of nested class file;And by the knowledge data of the nested class file and
Corresponding testing result typing knowledge base.
Such as:When knowledge data is two PE files, since the number comprising PE files in nested class file is more than 1, therefore
Heuristic testing result is with menace, so knowledge data and testing result are merged typing knowledge base, simplifies version json
Data representation is { " file_type ":"PE”, “num”:2, “trust”:”no”}.By to unknown nested class file
Detection and knowledge data extraction and typing, the extension knowledge base content that can be automated.
The present invention also proposes a kind of heuristic detecting system of nested class file, as shown in Fig. 2, including:
Module 201 is split, file declustering is carried out to the nested class file of acquisition;
Data processing module 202 obtains the file type split out, and carries out regularization processing to file type, arranges to know
Know data;
Matching module 203 matches the knowledge data with knowledge base;If successful match, the nesting class file is deposited
In malice, testing result is exported, terminates detection;Otherwise enter malicious analysis module;
Malicious analysis module 204 carries out malicious analysis to the nested class file of non-successful match.
In the system, institute handles file type into brief biography of a deceased person regularization, arranges as knowledge data, specially:It will tear open
The all files type separated is integrated, and merges identical file type, and records the quantity of documents of same file type.
In the system, the knowledge base is, by carrying out Probability to the known nested class file with menace
Nested class file is carried out regularization treated knowledge data and is stored in knowledge base by statistics.
In the system, the nested class file to non-successful match carries out malicious analysis, specially:
The same type nesting class file of a large amount of known testing results is obtained, carries out Probability statistics, if malice is general in statistical result
Rate is more than non-malicious probability, then the nested class file of the non-successful match is malice, otherwise the nesting of the non-successful match
Class file is non-malicious.
In the system, after carrying out malicious analysis to the nested class file of non-successful match, further include:It is if malicious
Analysis result is malicious file, then extracts the knowledge data of nested class file;And by the knowledge data of the nested class file and
Corresponding testing result typing knowledge base.
A kind of non-transitorycomputer readable storage medium, is stored thereon with computer program, which is held by processor
The Heuristic detection method of as above any nested class file is realized during row.
The present invention is analyzed not necessarily like traditional heuristic detection technique like that for sample entity, but to its into
The type of the simple file declustering of row, the then each derivative file of extraction, and it is organized into knowledge data, then know with existing
Know library to be matched, successful match then illustrates that the nesting class file has menace, otherwise carries out malicious detection, to malice text
Part carries out knowledge extraction, and extraction is completed directly to enter knowledge base.The present invention is compared to traditional heuristic detection, without carrying out complexity
Logic analysis, it is not required that virtual environment carrys out Dynamic Execution script, but be based on based on nested class file will under abnormal environment
This property of threat behavior is generated to carry out heuristic detection, can effectively improve speed, the accuracy of detection.
Each embodiment in this specification is described by the way of progressive, identical similar portion between each embodiment
Point just to refer each other, and the highlights of each of the examples are difference from other examples.Especially for system reality
For applying example, since it is substantially similar to embodiment of the method, so description is fairly simple, related part is referring to embodiment of the method
Part explanation.
Although depicting the present invention by embodiment, it will be appreciated by the skilled addressee that the present invention there are many deformation and
Change the spirit without departing from the present invention, it is desirable to which appended claim includes these deformations and changes without departing from the present invention's
Spirit.
Claims (11)
1. a kind of Heuristic detection method of nesting class file, which is characterized in that including:
File declustering is carried out to the nested class file of acquisition;
The file type split out is obtained, and regularization processing is carried out to file type, is arranged as knowledge data;
The knowledge data is matched with knowledge base;If successful match, there is malice, output inspection in the nesting class file
It surveys as a result, terminating detection;Otherwise malicious analysis is carried out to the nested class file of non-successful match.
2. the method as described in claim 1, which is characterized in that it is described that regularization processing is carried out to file type, it arranges to know
Know data, specially:The all files type split out is integrated, merges identical file type, and records phase identical text
The quantity of documents of part type.
3. the method as described in claim 1, which is characterized in that the knowledge base is, by known embedding with menace
It covers class file and carries out Probability statistics, nested class file is carried out regularization treated knowledge data is stored in knowledge base.
4. the method as described in claim 1, which is characterized in that the nested class file to non-successful match carries out malicious
Analysis, specially:
The same type nesting class file of a large amount of known testing results is obtained, carries out Probability statistics, if malice is general in statistical result
Rate is more than non-malicious probability, then the nested class file of the non-successful match is malice, otherwise the nesting of the non-successful match
Class file is non-malicious.
5. the method as described in claim 1, which is characterized in that malicious analysis is carried out to the nested class file of non-successful match
Afterwards, it further includes:If malicious analysis result is malicious file, the knowledge data of nested class file is extracted;And by the nesting
The knowledge data of class file and corresponding testing result typing knowledge base.
6. a kind of heuristic detecting system of nesting class file, which is characterized in that including:
Module is split, file declustering is carried out to the nested class file of acquisition;
Data processing module obtains the file type split out, and carries out regularization processing to file type, arranges as knowledge number
According to;
Matching module matches the knowledge data with knowledge base;If successful match, the nesting class file, which exists, dislikes
Meaning exports testing result, terminates detection;Otherwise enter malicious analysis module;
Malicious analysis module carries out malicious analysis to the nested class file of non-successful match.
7. the system as claimed in claim 1, which is characterized in that institute handles file type into brief biography of a deceased person regularization, arranges to know
Know data, specially:The all files type split out is integrated, merges identical file type, and records phase identical text
The quantity of documents of part type.
8. the system as claimed in claim 1, which is characterized in that the knowledge base is, by known embedding with menace
It covers class file and carries out Probability statistics, nested class file is carried out regularization treated knowledge data is stored in knowledge base.
9. the system as claimed in claim 1, which is characterized in that the nested class file to non-successful match carries out malicious
Analysis, specially:
The same type nesting class file of a large amount of known testing results is obtained, carries out Probability statistics, if malice is general in statistical result
Rate is more than non-malicious probability, then the nested class file of the non-successful match is malice, otherwise the nesting of the non-successful match
Class file is non-malicious.
10. the system as claimed in claim 1, which is characterized in that malicious point is carried out to the nested class file of non-successful match
After analysis, further include:If malicious analysis result is malicious file, the knowledge data of nested class file is extracted;It and will be described embedding
Cover the knowledge data of class file and corresponding testing result typing knowledge base.
11. a kind of non-transitorycomputer readable storage medium, is stored thereon with computer program, which is characterized in that the program
The Heuristic detection method of the nested class file as described in any in claim 1-5 is realized when being executed by processor.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201711489577.3A CN108229168B (en) | 2017-12-29 | 2017-12-29 | Heuristic detection method, system and storage medium for nested files |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201711489577.3A CN108229168B (en) | 2017-12-29 | 2017-12-29 | Heuristic detection method, system and storage medium for nested files |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN108229168A true CN108229168A (en) | 2018-06-29 |
| CN108229168B CN108229168B (en) | 2021-07-20 |
Family
ID=62646429
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201711489577.3A Active CN108229168B (en) | 2017-12-29 | 2017-12-29 | Heuristic detection method, system and storage medium for nested files |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN108229168B (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109120593A (en) * | 2018-07-12 | 2019-01-01 | 南方电网科学研究院有限责任公司 | A kind of mobile application security guard system |
| CN110737894A (en) * | 2018-12-04 | 2020-01-31 | 哈尔滨安天科技集团股份有限公司 | Composite document security detection method and device, electronic equipment and storage medium |
| CN111797392A (en) * | 2019-04-09 | 2020-10-20 | 国家计算机网络与信息安全管理中心 | Method, device and storage medium for controlling infinite analysis of derivative file |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102902918A (en) * | 2012-08-06 | 2013-01-30 | 厦门市美亚柏科信息股份有限公司 | Malicious file detection method based on composite feature code |
| CN103207970A (en) * | 2013-04-28 | 2013-07-17 | 北京奇虎科技有限公司 | Virus file scanning method and device |
| CN104462986A (en) * | 2014-11-28 | 2015-03-25 | 北京奇虎科技有限公司 | Detecting method and device of loophole triggering threats in PDF |
| CN105069355A (en) * | 2015-08-26 | 2015-11-18 | 厦门市美亚柏科信息股份有限公司 | Static detection method and apparatus for webshell deformation |
| CN105677558A (en) * | 2015-07-02 | 2016-06-15 | 哈尔滨安天科技股份有限公司 | Script heuristic detection method and system based on form normalization |
| CN106650450A (en) * | 2016-12-29 | 2017-05-10 | 哈尔滨安天科技股份有限公司 | Malicious script heuristic detection method and system based on code fingerprint identification |
| US20170357813A1 (en) * | 2016-06-08 | 2017-12-14 | Cylance Inc. | Avoidance of Malicious Content in Nested Files |
-
2017
- 2017-12-29 CN CN201711489577.3A patent/CN108229168B/en active Active
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102902918A (en) * | 2012-08-06 | 2013-01-30 | 厦门市美亚柏科信息股份有限公司 | Malicious file detection method based on composite feature code |
| CN103207970A (en) * | 2013-04-28 | 2013-07-17 | 北京奇虎科技有限公司 | Virus file scanning method and device |
| CN104462986A (en) * | 2014-11-28 | 2015-03-25 | 北京奇虎科技有限公司 | Detecting method and device of loophole triggering threats in PDF |
| CN105677558A (en) * | 2015-07-02 | 2016-06-15 | 哈尔滨安天科技股份有限公司 | Script heuristic detection method and system based on form normalization |
| CN105069355A (en) * | 2015-08-26 | 2015-11-18 | 厦门市美亚柏科信息股份有限公司 | Static detection method and apparatus for webshell deformation |
| US20170357813A1 (en) * | 2016-06-08 | 2017-12-14 | Cylance Inc. | Avoidance of Malicious Content in Nested Files |
| CN106650450A (en) * | 2016-12-29 | 2017-05-10 | 哈尔滨安天科技股份有限公司 | Malicious script heuristic detection method and system based on code fingerprint identification |
Non-Patent Citations (1)
| Title |
|---|
| 梅瑞 等: "典型文档类CVE漏洞检测工具的研究与实现", 《信息网络安全》 * |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109120593A (en) * | 2018-07-12 | 2019-01-01 | 南方电网科学研究院有限责任公司 | A kind of mobile application security guard system |
| CN110737894A (en) * | 2018-12-04 | 2020-01-31 | 哈尔滨安天科技集团股份有限公司 | Composite document security detection method and device, electronic equipment and storage medium |
| CN111797392A (en) * | 2019-04-09 | 2020-10-20 | 国家计算机网络与信息安全管理中心 | Method, device and storage medium for controlling infinite analysis of derivative file |
| CN111797392B (en) * | 2019-04-09 | 2023-08-08 | 国家计算机网络与信息安全管理中心 | Method, device and storage medium for controlling infinite analysis of derivative files |
Also Published As
| Publication number | Publication date |
|---|---|
| CN108229168B (en) | 2021-07-20 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Aslan et al. | A new malware classification framework based on deep learning algorithms | |
| JP7278423B2 (en) | System and method for executable code detection, automatic feature extraction and position independent code detection | |
| CN107908963B (en) | Method for automatically detecting core characteristics of malicious codes | |
| Galal et al. | Behavior-based features model for malware detection | |
| CN106599686B (en) | A kind of Malware clustering method based on TLSH character representation | |
| RU2454714C1 (en) | System and method of increasing efficiency of detecting unknown harmful objects | |
| Rieck et al. | Automatic analysis of malware behavior using machine learning | |
| US9348998B2 (en) | System and methods for detecting harmful files of different formats in virtual environments | |
| US20100192222A1 (en) | Malware detection using multiple classifiers | |
| CN111460446B (en) | Malicious file detection method and device based on model | |
| CN109983464B (en) | Detecting malicious scripts | |
| CN107563201A (en) | Association sample lookup method, device and server based on machine learning | |
| CN108229168A (en) | A kind of Heuristic detection method, system and the storage medium of nesting class file | |
| CN107808096A (en) | Method, terminal device and the storage medium of malicious code are injected into during detection APK operations | |
| Vadrevu et al. | Maxs: Scaling malware execution with sequential multi-hypothesis testing | |
| Yuste et al. | Optimization of code caves in malware binaries to evade machine learning detectors | |
| Park et al. | Antibot: Clustering common semantic patterns for bot detection | |
| CN112257062B (en) | Sandbox knowledge base generation method and device based on frequent item set mining | |
| CN111898126A (en) | Android repackaging application detection method based on dynamically acquired user interface | |
| Grégio et al. | Visualization techniques for malware behavior analysis | |
| Chen et al. | A learning-based static malware detection system with integrated feature | |
| Lu et al. | Malicious word document detection based on multi-view features learning | |
| Alrabaee et al. | Decoupling coding habits from functionality for effective binary authorship attribution | |
| US8683452B1 (en) | Dynamically obfuscated javascript | |
| CN114662111A (en) | Malicious code software gene homology analysis method |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| CB02 | Change of applicant information | ||
| CB02 | Change of applicant information |
Address after: 150028 Building 7, Innovation Plaza, Science and Technology Innovation City, Harbin High-tech Industrial Development Zone, Heilongjiang Province (838 Shikun Road) Applicant after: Harbin antiy Technology Group Limited by Share Ltd Address before: 150090 Room 506, No. 162 Hongqi Street, Nangang District, Harbin Development Zone, Heilongjiang Province Applicant before: Harbin Antiy Technology Co., Ltd. |
|
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| CP01 | Change in the name or title of a patent holder | ||
| CP01 | Change in the name or title of a patent holder |
Address after: 150028 Building 7, Innovation Plaza, Science and Technology Innovation City, Harbin High-tech Industrial Development Zone, Heilongjiang Province (838 Shikun Road) Patentee after: Antan Technology Group Co.,Ltd. Address before: 150028 Building 7, Innovation Plaza, Science and Technology Innovation City, Harbin High-tech Industrial Development Zone, Heilongjiang Province (838 Shikun Road) Patentee before: Harbin Antian Science and Technology Group Co.,Ltd. |