Reexamination Certificate
2011-08-09
2011-08-09
Orgad, Edan (Department: 2439)
Information security
Monitoring or scanning of software or data including attack...
Intrusion detection
C726S022000, C726S023000, C713S150000, C713S188000, C713S189000
active
07996904
ABSTRACT:
The packing manager provides an automated method that allows existing AV scanning technology to be applied to detect known malware samples packed by one or more packers that are potentially proprietary. The packing manager tracks the memory areas to which an executable binary writes and executes, and so can unpack programs packed by multiple arbitrary packers without requiring reverse-engineering of the packers or any human intervention. By tracking page modification and execution of an executable binary at run time, the packing control module can detect the instant at which the program's control is first transferred to a page whose content is dynamically generated, so AV scanning can then be invoked. Thus, code cannot be executed under the packing control manager without being scanned by an AV scanner first.
REFERENCES:
patent: 7296274 (2007-11-01), Cohen et al.
patent: 7836504 (2010-11-01), Ray et al.
patent: 2006/0174319 (2006-08-01), Kraemer et al.
patent: 2007/0106981 (2007-05-01), Bird
patent: 2008/0040710 (2008-02-01), Chiriac
patent: 2009/0049550 (2009-02-01), Shevchenko
Adrian Stepan, Improving proactive detection of packed malware, [online], 2006, retrieved from the URL: <http://www.virusbtn.com/virusbulletin/archive/2006/03/vb200603-pa...>.
Blackhat USA 2007, Black Hat USA 2007 Topics and Speakers, [online], 2007, retrieved from the URL: <http://www.blackhat.com/html/bh-usa-07-speakers.html#Qu....>.
Joe Stewart, Unpacking with OllyBonE, [online], Jan. 3, 2007, retrieved from the URL: <http://www.joestewart.org/ollybone/tutorial.html>.
Chiueh Tzi-cker
Guo Fanglu
Fenwick & West LLP
Orgad Edan
Symantec Corporation
Tolentino Roderick
Automated unpacking of executables packed by multiple layers...
Profile ID: LFUS-PAI-O-2663400