Patent attributes
Disclosed are systems, methods and computer program products for detection, classification and reporting of malicious software. A method comprises loading software code into a computer system memory and emulating the software code. The software code and its activity log are then analyzed for presence of a malware. If a malware is detected, an execution flow graph is created from the activity log. The execution flow graph is then parsed using heuristic analysis to identify one or more malicious behavior patterns therein. Then, similarity indexes between the identified malicious behavior patterns and one or more malicious behavior patterns associated with known classes of malware are computed. The emulated software code is then classified into one or more classes of malware based on the computed similarity indexes. Finally, a comprehensive malware report of the emulated software code is generated based on the execution flow graph and malware classification information.
