News Column

Patent Application Titled "Method for Recognizing Malicious File" Published Online

June 19, 2014

By a News Reporter-Staff News Editor at Computer Weekly News -- According to news reporting originating from Washington, D.C., by VerticalNews journalists, a patent application by the inventors Chiu, Ming-Chang (Taipei City, TW); Wu, Ming-Wei (Taipei City, TW); Wang, Ching-Chung (Taipei City, TW); Hsu, Che-Kuo (Taipei City, TW); Tsung, Pei-Kan (Taipei City, TW), filed on January 29, 2014, was made available online on June 5, 2014.

The assignee for this patent application is Xecure Lab Co., Ltd.

Reporters obtained the following quote from the background information supplied by the inventors: "This invention relates to a method for recognizing a malicious file particularly through a manner, which includes extracting codes and reassembling the codes, and finally determining whether the assembled code is executable in order to recognize a file with malicious program hiding in.

"In regards to malicious file, malwares may attack computer system through different ways. For example, a malware may be encrypted in several segments distributed within the code of a normal file, such as doc file, xls file, ppt file, pdf file and etc. For users, this kind of malicious file is usually considered as a normal file that could be a text document, figure or video file received through internet or any connected portable device. Once the normal file is executed, the encrypted malware could be executed simultaneously and accessing the operating system.

"A general approach for recognizing the malicious file is to extract multi-segments from the file as a fingerprint or signature of the file. With means of heuristics, the signature of file is then compared with a blacklist established in accordance with publicly known malware codes, so as to determine whether the file has malicious behavior.

"Most approaches prevent computer malwares in a passive way that arranges several surveillance gates in the computer system to catch the malware intending to access somewhere in the system. Namely, if the malware invades other location where has no surveillance gate, the system is then infected. If further putting up more surveillance gates in the computer system, the computing burden relatively increases and as well slows down the computation.

"Foregoing approach may effectively recognize the known malwares encrypted in normal files. However, the approach is not effective for the unknown or new malwares, as there is no record of feature for such new malwares in the blacklist. Therefore, there is a need of an ability for recognizing and predicting new malwares, even lacking of enough features about the malwares."

In addition to obtaining background information on this patent application, VerticalNews editors also obtained the inventors' summary information for this patent application: "The objective of the present invention is to provide a method for recognizing malicious file, through only one virtual environment, prior to executing a received file, avoiding the malicious software or malware encrypted in the file to access the operating system.

"In order to achieve the foregoing objective, the method of the present invention includes the following steps: receiving a static file through a network or an input/out interface to be stored in the memory; defining suspicious positions where components of a malware are possibly encrypted in the static file; decrypting the suspicious positions to identify a PE header and a shellcode; extracting the PE header and the shellcode terms in segments; and determining whether the PE header and the shellcode terms can be assembled into an executable binary which indicates a recognition of the malicious file.


"The invention, as well as its many advantages, may be further understood by the following detailed description and drawings in which:

"FIG. 1 is a block diagram of a system for malicious file recognition in accordance with the present invention.

"FIG. 2 is a flowchart showing the process of malicious file recognition in accordance with the present invention."

For more information, see this patent application: Chiu, Ming-Chang; Wu, Ming-Wei; Wang, Ching-Chung; Hsu, Che-Kuo; Tsung, Pei-Kan. Method for Recognizing Malicious File. Filed January 29, 2014 and posted June 5, 2014. Patent URL:

Keywords for this news article include: Xecure Lab Co. Ltd.

Our reports deliver fact-based news of research and discoveries from around the world. Copyright 2014, NewsRx LLC

For more stories covering the world of technology, please see HispanicBusiness' Tech Channel

Source: Computer Weekly News