US 11,930,019 B2
Methods and systems for fast-paced dynamic malware analysis
Reem Abdullah Algarawi, Jubail (SA); and Majed Ali Hakami, Dammam (SA)
Assigned to Saudi Arabian Oil Company, Dhahran (SA)
Filed by Saudi Arabian Oil Company, Dhahran (SA)
Filed on Apr. 21, 2021, as Appl. No. 17/236,056.
Prior Publication US 2022/0345467 A1, Oct. 27, 2022
Int. Cl. H04L 29/06 (2006.01); G06F 9/455 (2018.01); G06F 21/56 (2013.01); H04L 9/40 (2022.01)
CPC H04L 63/1416 (2013.01) [G06F 9/45558 (2013.01); G06F 21/565 (2013.01); G06F 2009/45587 (2013.01); G06F 2009/45595 (2013.01); G06F 2221/034 (2013.01)] 17 Claims
OG exemplary drawing
 
1. A malware analysis method comprising:
    receiving a file on a virtual machine, the virtual machine comprising:
        a web debugging proxy, wherein the web debugging proxy is prepared to filter web traffic noise by gathering a baseline reading of web traffic of the virtual machine,
        a system resource monitor, and
        a file analysis tool;
    performing, with the file analysis tool, a static analysis on the file, the static analysis comprising:
        determining a set of file properties of the file; and
        storing the determined file properties in a repository;
    performing, with the web debugging proxy and the system resource monitor, a dynamic analysis on the file, the dynamic analysis comprising:
        running the file on the virtual machine;
        determining, with the web debugging proxy, web traffic of the virtual machine;
        determining, with the system resource monitor, executed commands and modifications to system resources of the virtual machine originating from the file; and
        storing the determined traffic and executed commands in the repository.
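The claim's static step, the proxy baseline used to drop web traffic noise, and the dynamic record stored in the repository, as an added Python sketch that is not part of the patent or of any Saudi Aramco implementation; the proxy log format, host names and monitor events are constructed for the example, and no VM, proxy or monitor is actually driven.

```python
"""Added example (not the patent's code): model of the claimed pipeline.
Static properties of the file, a baseline of proxy traffic captured while
the VM is idle, and filtering of the sample-run traffic against it."""
import hashlib

# Constructed proxy log lines, one request per line: "<method> <host> <path>".
BASELINE_LOG = """GET update.example-os.test /check
GET telemetry.example-os.test /ping
GET update.example-os.test /check
GET ntp.example-os.test /time"""

SAMPLE_RUN_LOG = """GET update.example-os.test /check
POST c2.example-malware.test /beacon
GET telemetry.example-os.test /ping
GET c2.example-malware.test /payload.bin"""

# Constructed system-resource-monitor events observed during the sample run.
SAMPLE_RUN_EVENTS = [
    ("exec", "cmd.exe /c whoami"),
    ("registry", "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater"),
    ("file", "C:\\Users\\Public\\x.exe"),
]


def static_properties(data: bytes) -> dict:
    """Static analysis: the file properties the claim stores in the repository."""
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "size": len(data),
        "is_pe": data[:2] == b"MZ",  # DOS/PE header magic
    }


def parse_proxy_log(text: str) -> list[tuple[str, str, str]]:
    """Split each constructed log line into (method, host, path)."""
    return [tuple(line.split(" ", 2)) for line in text.splitlines() if line.strip()]


def baseline_hosts(text: str) -> set[str]:
    """Hosts the idle VM contacts on its own; this is the web traffic noise."""
    return {host for _, host, _ in parse_proxy_log(text)}


def filter_noise(sample_text: str, baseline: set[str]) -> list[tuple[str, str, str]]:
    """Keep only requests to hosts the baseline never contacted."""
    return [req for req in parse_proxy_log(sample_text) if req[1] not in baseline]


def analyse(data: bytes, baseline_log: str, run_log: str, events: list) -> dict:
    """Combine static and dynamic results into one repository record."""
    record = static_properties(data)
    record["web_traffic"] = filter_noise(run_log, baseline_hosts(baseline_log))
    record["executed_commands"] = [d for kind, d in events if kind == "exec"]
    record["resource_changes"] = [(kind, d) for kind, d in events if kind != "exec"]
    return record
```

Filtering by host alone hides a sample that reuses a host already in the baseline (for instance a legitimate update domain); comparing full (method, host, path) tuples against the baseline is the stricter choice.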