Abstract: Particular embodiments described herein provide for an electronic device that can be configured to identify regions of code to be monitored, probe and lock code pages that include the identified regions of code, and remap the code pages as execute only. The code pages can be remapped as execute only in an alternate extended page table view.

Abstract: Embodiments include identifying, at a logical path node, a first logical path and a second logical path; executing, by a processor implemented at least partially in hardware, a first set of instructions to follow the first logical path; storing, in a memory, a first set of information obtained from following the first logical path; evaluating, by a malware handler module implemented at least partially in hardware, the first set of information for malware; restoring, from the memory, environmental data for the first logical path node; executing, by the processor, a second set of instructions to follow the second logical path; storing, in a memory, a second set of information obtained from following the second logical path; and evaluating, by the malware handler module, the second set of information for malware.

Abstract: Particular embodiments described herein provide for an electronic device that can be configured to identify regions of code to be monitored, probe and lock code pages that include the identified regions of code, and remap the code pages as execute only. The code pages can be remapped as execute only in an alternate extended page table view.

Abstract: Embodiments are directed to hooking a call for a malware monitoring logic into a JavaScript API engine interpreter. Upon JavaScript being placed into heap memory, the malware monitoring logic can initiate an evaluation or analysis of the heap spray to determine whether the JavaScript includes malware or other malicious agents prior to execution of the JavaScript shell code. Upon execution of the JavaScript within the sandbox, the malware monitoring logic can initiate monitoring of the JavaScript using malware analysis and/or execution profiling techniques. Inferences can be made of the presence of malware based on a start and end time of the JavaScript execution.

Abstract: Particular embodiments described herein provide for an electronic device that can be configured to identify regions of code to be monitored, probe and lock code pages that include the identified regions of code, and remap the code pages as execute only to assist with the mitigation of malicious invocation of sensitive code. The code pages can be remapped as execute only in an alternate extended page table view to allow for the detection and mitigation of malicious invocation of sensitive code.

Abstract: Embodiments include identifying, at a logical path node, a first logical path and a second logical path; executing, by a processor implemented at least partially in hardware, a first set of instructions to follow the first logical path; storing, in a memory, a first set of information obtained from following the first logical path; evaluating, by a malware handler module implemented at least partially in hardware, the first set of information for malware; restoring, from the memory, environmental data for the first logical path node; executing, by the processor, a second set of instructions to follow the second logical path; storing, in a memory, a second set of information obtained from following the second logical path; and evaluating, by the malware handler module, the second set of information for malware.

Abstract: Embodiments are directed to hooking a call for a malware monitoring logic into a JavaScript API engine interpreter. Upon JavaScript being placed into heap memory, the malware monitoring logic can initiate an evaluation or analysis of the heap spray to determine whether the JavaScript includes malware or other malicious agents prior to execution of the JavaScript shell code. Upon execution of the JavaScript within the sandbox, the malware monitoring logic can initiate monitoring of the JavaScript using malware analysis and/or execution profiling techniques. Inferences can be made of the presence of malware based on a start and end time of the JavaScript execution.

Abstract: Particular embodiments described herein provide for an electronic device that can be configured to identify regions of code to be monitored, probe and lock code pages that include the identified regions of code, and remap the code pages as execute only. The code pages can be remapped as execute only in an alternate extended page table view.