US 12,001,554 B2
Just in time memory analysis for malware detection
Soumyadipta Das, Milpitas, CA (US); Alex Dubrovsky, Milpitas, CA (US); and Igor Korsunsky, Milpitas, CA (US)
Assigned to SonicWALL Inc., Milpitas, CA (US)
Filed by SonicWALL Inc., Milpitas, CA (US)
Filed on Oct. 19, 2021, as Appl. No. 17/505,327.
Application 17/505,327 is a continuation of application No. 15/783,793, filed on Oct. 13, 2017, granted, now 11,151,252.
Prior Publication US 2022/0035919 A1, Feb. 3, 2022
Int. Cl. G06F 21/00 (2013.01); G06F 21/56 (2013.01)
CPC G06F 21/566 (2013.01) [G06F 2221/034 (2013.01); G06F 2221/2125 (2013.01)]
15 Claims
 
1. A method for analyzing computer data, the method comprising:
allowing instructions of a set of computer data to be executed by a processor;
monitoring actions performed by the execution of the instructions of the set of computer data, the monitoring performed by the processor executing a set of instrumentation code instructions;
pausing execution of the instructions of the computer data based on an identification that the monitored actions include writing data to a memory;
identifying that the monitored actions correspond to an access pattern of the memory that includes allocating a portion of the memory and includes invocation of an operating system program function, wherein the data written to the memory is written to a newly allocated memory portion;
comparing a signature generated from the data written to the allocated memory portion of the memory to a malware signature generated from previously identified malicious code; and
performing a corrective action based on an identification that the generated signature matches the malware signature.
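
The steps of claim 1 (monitor, pause on a write, check the access pattern, compare signatures, act), replayed over a constructed trace of monitored actions. This is an added illustration, not code from the patent or from SonicWALL. The event tuples, addresses, the `os_function` name and the choice of SHA-256 as the signature are assumptions.

```python
import hashlib

# Constructed stand-in for "previously identified malicious code".
# Assumption: the claim names no signature algorithm; SHA-256 is used here.
KNOWN_BAD = b"\x90\x90CONSTRUCTED-SAMPLE-PAYLOAD"
MALWARE_SIGNATURES = {hashlib.sha256(KNOWN_BAD).hexdigest()}

def analyze(trace, signatures=MALWARE_SIGNATURES):
    """Replay monitored actions; return ("block", index of the pausing write)
    when a signature matches, otherwise ("allow", None)."""
    regions = {}          # base -> [buffer, high-water mark], allocated while monitored
    os_call_seen = False  # an operating system program function was invoked
    for i, (kind, a, b) in enumerate(trace):
        if kind == "alloc":        # a = base address, b = size in bytes
            regions[a] = [bytearray(b), 0]
        elif kind == "os_call":    # a = function name (hypothetical), b unused
            os_call_seen = True
        elif kind == "write":      # a = destination address, b = bytes written
            # The instrumentation pauses the monitored code at this point.
            base = next((k for k, (buf, _) in regions.items()
                         if k <= a and a + len(b) <= k + len(buf)), None)
            if base is None:
                continue           # not a newly allocated portion: resume
            buf, hwm = regions[base]
            off = a - base
            buf[off:off + len(b)] = b
            regions[base][1] = hwm = max(hwm, off + len(b))
            # Compare only once the pattern (allocation + OS call + write) holds.
            digest = hashlib.sha256(bytes(buf[:hwm])).hexdigest()
            if os_call_seen and digest in signatures:
                return ("block", i)   # corrective action
    return ("allow", None)

# Constructed trace: payload written in two chunks into a fresh allocation.
SAMPLE_TRACE = [
    ("os_call", "os_function", None),
    ("alloc", 0x1000, 64),
    ("write", 0x1000, KNOWN_BAD[:10]),
    ("write", 0x100A, KNOWN_BAD[10:]),
]

if __name__ == "__main__":
    print(analyze(SAMPLE_TRACE))
```

The match fires only on the second write, once the full payload sits in the newly allocated region; the same bytes written to memory that was not allocated during monitoring fall outside the claimed access pattern and are not compared.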