	US 11,880,465 B2
	Analyzing multiple CPU architecture malware samples
Zihang Xiao, Los Gatos, CA (US); Cong Zheng, San Jose, CA (US); and ChienHua Lu, San Jose, CA (US)
Assigned to Palo Alto Networks, Inc., Santa Clara, CA (US)
Filed by Palo Alto Networks, Inc., Santa Clara, CA (US)
Filed on Jun. 10, 2022, as Appl. No. 17/838,049.
Application 17/838,049 is a continuation of application No. 17/353,657, filed on Jun. 21, 2021.
Application 17/353,657 is a continuation of application No. 16/554,442, filed on Aug. 28, 2019, granted, now 11,080,400, issued on Aug. 3, 2021.
Prior Publication US 2022/0309160 A1, Sep. 29, 2022
This patent is subject to a terminal disclaimer.
Int. Cl. G06F 8/41 (2018.01); G06F 21/56 (2013.01); G06F 21/53 (2013.01)

CPC G06F 21/567 (2013.01) [G06F 8/41 (2013.01); G06F 21/53 (2013.01)]

19 Claims

1. A system, comprising:

a processor configured to:

receive a first and second sample for analysis;

determine that the first sample was compiled for a CPU architecture that is different from a host CPU architecture;

execute the first sample in an emulated user space corresponding to the CPU architecture for which the first sample was compiled, wherein the emulated user space is provided by executing a user space emulation utility in a virtual machine that shares the host CPU architecture; and

analyze the first and second sample, at least partially concurrently, in a single virtual machine instance; and a memory coupled to the processor and configured to provide the processor with instructions.