Abstract: The present invention provides a program, an information processing apparatus, and an information processing method which can effectively prevent malware attacks. A predetermined process is judged as a ransomware, when a first condition that a file read function for reading a file included in a same file path as a file path written by a file write function called from the predetermined process has been already called from the predetermined process; and a second condition that the file write function rewrites a header of a file of the file path: are satisfied. A predetermined process is judged as a ransomware, when a first condition that an actual file on a disk is mapped as a virtual file on a memory by the predetermined process; a second condition that the virtual file is unmapped by the predetermined process; and a third condition that a file structure of the actual file or the virtual file when unmapping is rewritten to inappropriate status: are satisfied.

Abstract: The present invention provides a program, an information processing apparatus, and an information processing method which can effectively prevent malware attacks. A predetermined process is judged as a ransomware, when a first condition that a file read function for reading a file included in a same file path as a file path written by a file write function called from the predetermined process has been already called from the predetermined process; and a second condition that the file write function rewrites a header of a file of the file path: are satisfied. A predetermined process is judged as a ransomware, when a first condition that an actual file on a disk is mapped as a virtual file on a memory by the predetermined process; a second condition that the virtual file is unmapped by the predetermined process; and a third condition that a file structure of the actual file or the virtual file when unmapping is rewritten to inappropriate status: are satisfied.

Abstract: The present invention provides a program, an information processing apparatus, and an information processing method which can effectively prevent malware attacks. A predetermined process is judged as a ransomware, when a first condition that a file read function for reading a file included in a same file path as a file path written by a file write function called from the predetermined process has been already called from the predetermined process; and a second condition that the file write function rewrites a header of a file of the file path: are satisfied. A predetermined process is judged as a ransomware, when a first condition that an actual file on a disk is mapped as a virtual file on a memory by the predetermined process; a second condition that the virtual file is unmapped by the predetermined process; and a third condition that a file structure of the actual file or the virtual file when unmapping is rewritten to inappropriate status: are satisfied.

Abstract: The present invention provides a program, an information processing apparatus, and an information processing method which can effectively prevent malware attacks. A predetermined process is judged as a ransomware, when a first condition that a file read function for reading a file included in a same file path as a file path written by a file write function called from the predetermined process has been already called from the predetermined process; and a second condition that the file write function rewrites a header of a file of the file path: are satisfied. A predetermined process is judged as a ransomware, when a first condition that an actual file on a disk is mapped as a virtual file on a memory by the predetermined process; a second condition that the virtual file is unmapped by the predetermined process; and a third condition that a file structure of the actual file or the virtual file when unmapping is rewritten to inappropriate status: are satisfied.