	US 12,235,958 B2
	System and method for differential malware scanner
Aleksandr Ševčenko, Vilnius (LT); and Mantas Briliauskas, Vilnius (LT)
Assigned to UAB 360 IT, Vilnius (LT)
Filed by UAB 360 IT, Vilnius (LT)
Filed on Dec. 5, 2023, as Appl. No. 18/529,702.
Application 18/529,702 is a continuation of application No. 17/991,275, filed on Nov. 21, 2022, granted, now 11,880,460.
Application 17/991,275 is a continuation of application No. 17/575,033, filed on Jan. 13, 2022, granted, now 11,514,162, issued on Nov. 29, 2022.
Prior Publication US 2024/0111864 A1, Apr. 4, 2024
This patent is subject to a terminal disclaimer.
Int. Cl. G06F 21/56 (2013.01); G06F 21/53 (2013.01)

CPC G06F 21/565 (2013.01) [G06F 21/566 (2013.01); G06F 2221/033 (2013.01)]

20 Claims

1. A malware filtering system having one or more processors and a memory storing instructions, which when executed by the one or more processors cause the system to:

retrieve an executable file downloaded to a user device;

break the executable file into a plurality of chunks;

execute the executable file in a virtual machine or protected sandbox;

correlate behaviors occurring during the execution of the executable file with each chunk of the plurality of chunks;

determine a probability that the executable file is malicious based on the behaviors correlated with each chunk of the plurality of chunks; and

determine whether the executable file is malicious based on the probability and a predefined threshold probability of maliciousness.