US 11,720,673 B2
Visual classification according to binary memory dump
Brajesh Kumar, Bangalore (IN); Sumit Lohani, Bangalore (IN); Sidney Da Santa Rita Gomindes, Bangalore (IN); and Muralivardhan R. Pannala, Fremont, CA (US)
Assigned to McAfee, LLC, San Jose, CA (US)
Filed by McAfee, LLC, San Jose, CA (US)
Filed on Sep. 25, 2020, as Appl. No. 17/33,445.
Prior Publication US 2022/0100855 A1, Mar. 31, 2022
Int. Cl. G06F 21/56 (2013.01); G06F 21/53 (2013.01); G06N 3/02 (2006.01); G06F 9/455 (2018.01); G06F 21/51 (2013.01)
CPC G06F 21/562 (2013.01) [G06F 9/45558 (2013.01); G06F 21/51 (2013.01); G06F 21/53 (2013.01); G06N 3/02 (2013.01); G06F 2009/45587 (2013.01)] 19 Claims
OG exemplary drawing
 
1. A method of detecting computer malware, comprising:
receiving a compressed binary object for analysis;
allocating the compressed binary object to a sandbox;
within the sandbox, unpacking the compressed binary object into an unpacked binary object and loading the unpacked binary object into an executable memory region;
performing a core dump of the executable memory region; and
performing a computer vision analysis of the core dump to determine malware characteristics.
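Claim 1 reads as a five-step pipeline: receive a compressed object, isolate it, unpack and load it, dump the memory it occupies, and classify the dump as an image. The following Python is an added illustration of that shape and is not code from the patent, from McAfee, or from any product; it is offered to make the steps concrete, not to describe the claimed implementation. Its assumptions: the "compressed binary object" is a zlib stream (a stand-in for a real packer), the sandbox and the running process are replaced by an anonymous memory mapping that is written and read back to stand in for the "executable memory region" and its core dump, and the computer-vision step is the common byte-to-grayscale rendering (one byte per pixel at a fixed row width) downsampled to a thumbnail and matched against labelled reference thumbnails. The samples, the reference labels ("structured-layout", "high-entropy-blob") and every function name are constructed for the example; nothing here is a real malware family or a real detection rule.

```python
"""Added example (not from the patent): a toy version of the claim-1 pipeline.
zlib stands in for the packer, an anonymous mmap for the sandboxed process's
executable memory, and a byte-to-grayscale thumbnail match for the
computer-vision step. All samples and labels below are constructed."""
import math
import mmap
import random
import zlib

IMAGE_WIDTH = 64   # pixels per row when rendering the dump as an image
THUMB = 8          # side length of the downsampled thumbnail used for matching


def unpack_into_memory(compressed: bytes) -> bytes:
    """Unpack the object, load it into an anonymous memory region, and read
    that region back out as the 'core dump'. The real claim does this around
    a process inside a sandbox; the mapping here only models the memory step."""
    unpacked = zlib.decompress(compressed)
    if not unpacked:
        return b""
    region = mmap.mmap(-1, len(unpacked))      # anonymous read/write mapping
    region.write(unpacked)
    region.seek(0)
    dump = region.read(len(unpacked))          # dump the region's contents
    region.close()
    return dump


def bytes_to_image(dump: bytes, width: int = IMAGE_WIDTH) -> list[list[int]]:
    """Render the dump as a grayscale image: one byte per pixel, row-major,
    fixed width, last row zero-padded."""
    rows = []
    for off in range(0, len(dump), width):
        row = list(dump[off:off + width])
        rows.append(row + [0] * (width - len(row)))
    return rows


def thumbnail(img: list[list[int]], size: int = THUMB) -> list[list[int]]:
    """Block-average the image down to size x size so dumps of different
    lengths produce comparable feature vectors."""
    h, w = len(img), len(img[0])
    out = []
    for r in range(size):
        y0, y1 = r * h // size, max((r + 1) * h // size, r * h // size + 1)
        row = []
        for c in range(size):
            x0, x1 = c * w // size, max((c + 1) * w // size, c * w // size + 1)
            block = [img[y][x] for y in range(y0, min(y1, h))
                     for x in range(x0, min(x1, w))]
            row.append(sum(block) // len(block))
        out.append(row)
    return out


def byte_entropy(dump: bytes) -> float:
    """Shannon entropy of the byte histogram in bits per byte (0..8); a
    cheap auxiliary 'characteristic' alongside the image match."""
    if not dump:
        return 0.0
    counts = [0] * 256
    for b in dump:
        counts[b] += 1
    n = len(dump)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def l1_distance(a: list[list[int]], b: list[list[int]]) -> int:
    return sum(abs(p - q) for ra, rb in zip(a, b) for p, q in zip(ra, rb))


def classify(dump: bytes, references: dict) -> tuple[str, float]:
    """Nearest-reference match of the dump's thumbnail, plus its entropy."""
    thumb = thumbnail(bytes_to_image(dump))
    label = min(references, key=lambda name: l1_distance(thumb, references[name]))
    return label, round(byte_entropy(dump), 3)


def _prng_bytes(seed: int, n: int) -> bytes:
    """Deterministic pseudo-random bytes used only to build constructed samples."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(n))


# Constructed reference material (not real binaries or families): a sparse,
# header-like layout versus a uniformly high-entropy payload.
STRUCTURED = b"MZ" + bytes(62) + b"PE\0\0" + bytes(range(256)) * 2 + bytes(1024)
PACKED = _prng_bytes(7, 2048)
REFERENCES = {
    "structured-layout": thumbnail(bytes_to_image(STRUCTURED)),
    "high-entropy-blob": thumbnail(bytes_to_image(PACKED)),
}

if __name__ == "__main__":
    # A constructed "compressed binary object" run through the whole pipeline.
    incoming = zlib.compress(_prng_bytes(11, 2048))
    print(classify(unpack_into_memory(incoming), REFERENCES))
```

The thumbnail match is deliberately the simplest possible image classifier; a production system would feed the rendered image to a trained model, and the sandbox would be a real isolated environment that lets the packer's own stub do the unpacking so the dump captures what the sample actually put in executable memory. Note also that a byte-entropy of 0.0 for an all-zero region is a genuine result, not an error, and the zero-padding of the last image row should be excluded if it would bias a classifier.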