20250173439. Apparatus Methods Ap (Sophos Limited)
APPARATUS AND METHODS FOR AN APPLICATION PROGRAMMING INTERFACE TO DETECT AND LOCATE MALWARE IN MEMORY
Abstract: Embodiments disclosed herein include an apparatus with a processor configured to receive an indication of a function call to an identified shared library and configured to perform an identified function. The processor is configured to insert a function hook in the shared library. The function hook is configured to pause the execution of the shared library when called. In response to the function hook, the processor is configured to identify a source location in one or more memories associated with an origin of the function call to the shared library. The processor is configured to scan a range of memory addresses associated with the source location in the one or more memories, and identify, based on the scanning, a potentially malicious process within the range of memory addresses.
Inventor(s): Mark Willem LOMAN, Lute Edwin ENGELS, Ronny Henk Gert TIJINK, Alexander VERMANING
CPC Classification: G06F21/566 ({Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities})