-
Publication No.: US11558401B1
Publication date: 2023-01-17
Application No.: US16353982
Filing date: 2019-03-14
Applicant: FireEye, Inc.
Inventors: Sai Vashisht, Sumer Deshpande, Sushant Paithane, Rajeev Menon
Abstract: A computerized method for analyzing an object is disclosed. The computerized method includes performing, by a first cybersecurity system, a first malware analysis of the object, wherein first context information is generated by the first cybersecurity system based on the first malware analysis. The first context information includes at least origination information of the object. Additionally, a second cybersecurity system obtains the object and the first context information and performs a second malware analysis of the object to determine a verdict indicating maliciousness of the object. The second malware analysis is based at least in part on the first context information. The second cybersecurity system generates and issues a report based on the second malware analysis, the report including the verdict.
-
Publication No.: US10887328B1
Publication date: 2021-01-05
Application No.: US16042998
Filing date: 2018-07-23
Applicant: FireEye, Inc.
Abstract: For one embodiment, a computerized method for detecting exploit attacks on an interpreter comprises configuring a virtual machine including a user mode and a kernel mode and processing an object by an application operating in the user mode of the virtual machine. Responsive to the processing of the object, a loading of an interpreter is detected. Furthermore, responsive to the loading of the interpreter, one or more intercept points are inserted for detecting one or more types of software calls from the interpreter or for detecting a certain type or certain types of activities occurring within the interpreter. Thereafter, an exploit attack is detected as being conducted by the object in response to the interpreter invoking a software call that corresponds to the one or more types of software calls that are considered anomalous when invoked by the interpreter, or in response to an anomalous activity being conducted within the interpreter.
-
Publication No.: US10671726B1
Publication date: 2020-06-02
Application No.: US14493201
Filing date: 2014-09-22
Applicant: FireEye, Inc.
Inventors: Sushant Paithane, Michael Vincent, Sai Vashisht
Abstract: According to one embodiment, a computerized method comprises processing one or more objects by a first thread of execution that is part of a multi-thread process, monitoring events that occur during the processing of the one or more objects by the first thread, and storing information associated with the monitored events within an event log. The stored information comprises at least an identifier of the first thread to maintain an association between the monitored events and the first thread. Subsequently, the stored information within the event log is accessed for rendering, on a display screen, a graphical display of the monitored events detected during processing of the one or more objects by the first thread.
-
Publication No.: US09536091B2
Publication date: 2017-01-03
Application No.: US13925737
Filing date: 2013-06-24
Applicant: FireEye, Inc.
CPC classification: G06F21/566, G06F21/554, G06F21/567, H04L63/1416, H04L63/145
Abstract: According to one embodiment, a system comprises one or more counters; comparison logic; and one or more hardware processors communicatively coupled to the one or more counters and the comparison logic. The one or more hardware processors are configured to instantiate one or more virtual machines that are adapted to analyze received content, where the one or more virtual machines are configured to monitor a delay caused by one or more events conducted during processing of the content and identify the content as including malware if the delay exceeds a first time period.
-
Publication No.: US20140380474A1
Publication date: 2014-12-25
Application No.: US13925737
Filing date: 2013-06-24
Applicant: FireEye, Inc.
Inventors: Sushant Paithane, Michael Vincent, Sai Vashisht
IPC classification: G06F21/56
CPC classification: G06F21/566, G06F21/554, G06F21/567, H04L63/1416, H04L63/145
Abstract: According to one embodiment, a system comprises one or more counters; comparison logic; and one or more hardware processors communicatively coupled to the one or more counters and the comparison logic. The one or more hardware processors are configured to instantiate one or more virtual machines that are adapted to analyze received content, where the one or more virtual machines are configured to monitor a delay caused by one or more events conducted during processing of the content and identify the content as including malware if the delay exceeds a first time period.
-
Publication No.: US10834107B1
Publication date: 2020-11-10
Application No.: US16404546
Filing date: 2019-05-06
Applicant: FireEye, Inc.
Abstract: A system and method for automatically analyzing an object for malware is described. Operating one or more virtual machines, the system and method provide an analysis environment variation framework to provide a more robust analysis of an object for malware. The multi-application, multi-plugin processing framework is configured within a virtual machine, where the framework configures a plurality of processes for analyzing the object for malware, and each of the plurality of processes is configured with a different application and plug-in combination selected based in part on the type of object being analyzed, the processes operating concurrently with each other.
-
Publication No.: US10534906B1
Publication date: 2020-01-14
Application No.: US15919085
Filing date: 2018-03-12
Applicant: FireEye, Inc.
Inventors: Sushant Paithane, Sai Vashisht
Abstract: A computerized system and method is described for classifying objects as malicious by processing the objects in a virtual environment and monitoring behaviors during processing by one or more monitors, where the monitoring is conducted in an electronic device that is different from the electronic device within which an analysis of attributes of the objects is conducted beforehand. The monitors may monitor and record selected sets of process operations and capture associated process parameters, which describe the context in which the process operations were performed. By recording the context of process operations, the system and method described herein improve the intelligence of classifications and consequently reduce the likelihood of incorrectly identifying objects as malware or vice versa.
-
Publication No.: US10430586B1
Publication date: 2019-10-01
Application No.: US15258993
Filing date: 2016-09-07
Applicant: FireEye, Inc.
Abstract: A non-transitory storage medium including instructions that are executable by one or more processors to perform operations including instrumenting a VM is shown. The VM is used to process an object to determine whether the object is associated with malware. Logic within the VM analyzes memory allocated for a process within the VM for a point of interest (POI), the POI being an address of one of a set of predetermined instructions likely to be associated with malware. The VMM detects a memory violation during processing of the object and, responsive to detecting the memory violation, injects a transition event at the POI on the page on which the POI is located in memory. Further, responsive to detecting an attempted execution of the transition event, (i) the VMM emulates an instruction located at the POI, and (ii) the logic within the VM performs one or more malware detection routines.
-
Publication No.: US10417031B2
Publication date: 2019-09-17
Application No.: US15081775
Filing date: 2016-03-25
Applicant: FireEye, Inc.
Inventors: Sushant Paithane, Michael Vincent
Abstract: Selective virtualization of resources is provided, where the resources may be intercepted and serviced, or the resources may be intercepted and redirected. Virtualization logic monitors for a first plurality of requests that are initiated during processing of an object within the virtual machine. Each of the first plurality of requests, such as system calls for example, is associated with an activity to be performed in connection with one or more resources. The virtualization logic selectively virtualizes resources associated with a second plurality of requests that are initiated during the processing of the object within the virtual machine, where the second plurality of requests is lesser in number than the first plurality of requests.
-
Publication No.: US20160335110A1
Publication date: 2016-11-17
Application No.: US15081775
Filing date: 2016-03-25
Applicant: FireEye, Inc.
Inventors: Sushant Paithane, Michael Vincent
CPC classification: G06F9/45558, G06F21/53, G06F2009/45562, G06F2009/45587, G06F2009/45591, G06F2221/033, H04L63/145
Abstract: Selective virtualization of resources is provided, where the resources may be intercepted and serviced, or the resources may be intercepted and redirected. Virtualization logic monitors for a first plurality of requests that are initiated during processing of an object within the virtual machine. Each of the first plurality of requests, such as system calls for example, is associated with an activity to be performed in connection with one or more resources. The virtualization logic selectively virtualizes resources associated with a second plurality of requests that are initiated during the processing of the object within the virtual machine, where the second plurality of requests is lesser in number than the first plurality of requests.
-