US 11,687,652 B1
Clustering of binary files using architecture-agnostic digests
Fernando Vinicius Merces Pinheiro, Sao Paulo (BR); and Joey Nojas Costoya, Manila (PH)
Assigned to Trend Micro Incorporated, Tokyo (JP)
Filed by Trend Micro Incorporated, Tokyo (JP)
Filed on Aug. 27, 2019, as Appl. No. 16/552,430.
Int. Cl. G06F 21/00 (2013.01)
CPC G06F 21/565 (2013.01) [G06F 2221/034 (2013.01)]
20 Claims
1. A computer-implemented method comprising:
    receiving a target binary file;
    reducing the target binary file to its architecture-agnostic functions that are called at runtime, wherein the architecture-agnostic functions are not dependent on a processor architecture for which a source code of the target binary file was compiled;
    forming the architecture-agnostic functions of the target binary file into an input string;
    calculating a target digest of the input string;
    identifying a cluster comprising digests of malicious binary files that are similar to the target digest; and
    in response to identifying the cluster, detecting the target binary file to be malicious and of a same malware family as the malicious binary files.
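The pipeline of claim 1, as an added example that is not part of the patent or of Trend Micro's code: runtime-called function names (imports, already extracted from the binary's import table) are canonicalised into an input string, a similarity-preserving digest is computed, and the digest is compared against per-family clusters. The patent does not name its digest; MinHash over character shingles is assumed here as a stand-in with the same "similar digests for similar files" property, and the import lists are constructed samples.

```python
import hashlib
from typing import Dict, Optional, Sequence, Tuple

NUM_HASHES = 64   # signature slots; more slots give a finer similarity estimate
SHINGLE = 3       # character n-gram size over the joined import string


def build_input_string(imports: Sequence[str]) -> str:
    """Reduce the file to its architecture-agnostic runtime imports and join them
    canonically (lower-case, de-duplicated, sorted) so link order and case do not matter."""
    names = sorted({name.strip().lower() for name in imports if name.strip()})
    return ";".join(names)


def digest(text: str, num_hashes: int = NUM_HASHES) -> Tuple[int, ...]:
    """Similarity-preserving digest: MinHash signature over character shingles.
    Assumption: stands in for the patent's unspecified fuzzy hash."""
    shingles = {text[i:i + SHINGLE] for i in range(max(1, len(text) - SHINGLE + 1))}
    sig = []
    for seed in range(num_hashes):
        key = seed.to_bytes(8, "little")  # one keyed hash function per slot
        sig.append(min(int.from_bytes(hashlib.blake2b(s.encode(), digest_size=8, key=key).digest(), "big")
                       for s in shingles))
    return tuple(sig)


def similarity(a: Tuple[int, ...], b: Tuple[int, ...]) -> float:
    """Fraction of equal slots: an estimate of the Jaccard similarity of the two shingle sets."""
    return sum(x == y for x, y in zip(a, b)) / len(a)


def classify(target: Tuple[int, ...], clusters: Dict[str, Sequence[Tuple[int, ...]]],
             threshold: float = 0.5) -> Optional[str]:
    """Name the family whose cluster holds a digest similar to the target, else None."""
    best_family, best_score = None, 0.0
    for family, members in clusters.items():
        for member in members:
            score = similarity(target, member)
            if score > best_score:
                best_family, best_score = family, score
    return best_family if best_score >= threshold else None


# Constructed sample import lists (not taken from the patent).
FAMILY_A_X86 = ["OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread", "InternetOpenA",
                "InternetOpenUrlA", "InternetReadFile", "CreateFileA", "WriteFile", "RegSetValueExA"]
FAMILY_B_X86 = ["CryptAcquireContextW", "CryptGenRandom", "CryptEncrypt", "FindFirstFileW",
                "FindNextFileW", "DeleteFileW", "MoveFileExW", "GetLogicalDrives"]
# Family A rebuilt for another architecture: different link order, one import swapped (A -> W variant).
TARGET_X64 = ["RegSetValueExA", "WriteFile", "CreateFileW", "InternetReadFile", "InternetOpenUrlA",
              "InternetOpenA", "CreateRemoteThread", "WriteProcessMemory", "VirtualAllocEx", "OpenProcess"]
BENIGN = ["GetModuleHandleW", "MessageBoxW", "ExitProcess", "LoadStringW", "DialogBoxParamW", "GetCommandLineW"]
CLUSTERS = {"family_a": [digest(build_input_string(FAMILY_A_X86))],
            "family_b": [digest(build_input_string(FAMILY_B_X86))]}

if __name__ == "__main__":
    print(classify(digest(build_input_string(TARGET_X64)), CLUSTERS))  # family_a
    print(classify(digest(build_input_string(BENIGN)), CLUSTERS))      # None
```

Because the input string carries only import names, the x86 and x64 builds of the same family land in the same cluster even though their machine code shares nothing, which is the point of the architecture-agnostic reduction.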