Method of decrypting and analyzing encrypted malicious scripts

Information security – Monitoring or scanning of software or data including attack... – Intrusion detection

Reexamination Certificate


active

07409718

ABSTRACT:
Disclosed herein is a method of analyzing and decrypting encrypted malicious scripts. The method of the present invention comprises the steps of classifying a malicious script encryption method into a case where a decryption function exists in malicious scripts and is an independent function that is not dependent on external codes such as run time library, a case where a decryption function exists and is a dependent function that is dependent on external codes, and a case where a decryption function does not exist; and if the decryption function exists in malicious scripts and is the independent function that is not dependent on the external codes, extracting a call expression and a function definition for the independent function, executing or emulating the extracted call expression and function definition for the independent function, and obtaining a decrypted script by putting a result value based on the execution or emulation into an original script at which an original call expression is located. According to the present invention, unknown malicious codes can be promptly and easily decrypted through only a single decryption algorithm without any additional data. In addition to the decryption of encrypted codes, complexity of later code analysis can also be reduced by substituting constants for all values that can be set as constants in a relevant script.
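The independent-function case described in the abstract, as an added sketch that is not taken from the patent: extract the function definition and its constant-argument call expressions, execute them with no host objects available, and write the result back where the call stood. The sample script, the names `extractFunctions` and `decryptScript`, and the use of Node's `vm` module for the execution step are assumptions made for this illustration.

```javascript
const vm = require('vm');

// Constructed, harmless sample: one self-contained decoder, one that needs a host object.
const SAMPLE = [
  'function dec(s, k) { var o = "";',
  '  for (var i = 0; i < s.length; i++) { o += String.fromCharCode(s.charCodeAt(i) ^ k); }',
  '  return o; }',
  'function hostDec(s) { return WScript.Arguments(0) + s; }',
  'var a = dec("obkkh", 7) + " " + dec("phukc", 7);',
  'var b = hostDec("x");',
].join('\n');

// Find function definitions by brace counting (assumes no braces inside string literals).
function extractFunctions(src) {
  const defs = [];
  const head = /function\s+([A-Za-z_]\w*)\s*\([^)]*\)\s*\{/g;
  for (let m; (m = head.exec(src)); ) {
    let depth = 1, i = head.lastIndex;
    for (; i < src.length && depth > 0; i++) {
      if (src[i] === '{') depth++;
      else if (src[i] === '}') depth--;
    }
    defs.push({ name: m[1], text: src.slice(m.index, i) });
  }
  return defs;
}

// A constant argument: a quoted string or a number.
const LIT = String.raw`(?:"(?:[^"\\]|\\.)*"|'(?:[^'\\]|\\.)*'|-?\d+(?:\.\d+)?)`;
function decryptScript(src) {
  let script = src;
  const report = [];
  for (const def of extractFunctions(src)) {
    const call = new RegExp(String.raw`\b${def.name}\(\s*${LIT}(?:\s*,\s*${LIT})*\s*\)`, 'g');
    let independent = true;
    script = script.replace(call, (expr) => {
      try {
        // Empty context: language built-ins only, no host objects. vm is not a security boundary.
        const v = vm.runInNewContext(def.text + '\n' + expr, {}, { timeout: 500 });
        return typeof v === 'string' || typeof v === 'number' ? JSON.stringify(v) : expr;
      } catch (err) {
        independent = false; // e.g. ReferenceError: the function depends on external code
        return expr;
      }
    });
    report.push({ name: def.name, independent });
  }
  return { script, report };
}
```

Calls to `hostDec` are left in place because the function cannot run without its host object, which corresponds to the dependent-function case the abstract separates out. Real samples belong in an isolated analysis machine, since `vm` only restricts which globals are visible.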

REFERENCES:
patent: 5696822 (1997-12-01), Nachenberg
patent: 5964889 (1999-10-01), Nachenberg
patent: 6851057 (2005-02-01), Nachenberg
patent: 6907396 (2005-06-01), Muttik et al.
patent: 2003/0159070 (2003-08-01), Mayer et al.
patent: 2003/0159090 (2003-08-01), Wray et al.
Journal of Korea Information Science Society: Information Networking, vol. 29, No. 5, Oct. 2002.
