Abstract: Disclosed herein are systems and methods for detecting malicious files based on file fragments. In one aspect, an exemplary method comprises, extracting data fragments from a file, for each extracted data fragment, determining a category selected from a list of categories that includes at least: trusted, malicious, and untrusted, when a number of data fragments categorized as being malicious is below a predetermined threshold, avoiding categorization of the file as malicious, and when a number of data fragments categorized as being malicious reaches or exceeds the predetermined threshold, determining whether at least one malicious file detection rule having criteria for detecting a malicious file is found, when at least one malicious file detection rule whose criteria is met is found, categorizing the file as a malicious file, and when no malicious file detection rule whose criteria is met is found, avoiding categorization of the file as a malicious file.

Abstract: Disclosed herein are systems and methods for detecting malicious files based on file fragments. In one aspect, an exemplary method comprises, extracting data fragments from a file, for each extracted data fragment, determining a category selected from a list of categories that includes at least: trusted, malicious, and untrusted, when a number of data fragments categorized as being malicious is below a predetermined threshold, avoiding categorization of the file as malicious, and when a number of data fragments categorized as being malicious reaches or exceeds the predetermined threshold, determining whether at least one malicious file detection rule having criteria for detecting a malicious file is found, when at least one malicious file detection rule whose criteria is met is found, categorizing the file as a malicious file, and when no malicious file detection rule whose criteria is met is found, avoiding categorization of the file as a malicious file.