Abstract: Techniques for dependency emulation for executable samples are disclosed. In some embodiments, a system/process/computer program product for dependency emulation for executable samples includes receiving a sample for emulation for malware detection; determining that one or more libraries are missing from the sample for execution of the sample in an emulation environment; generating one or more stub libraries to facilitate the execution of the sample in the emulation environment; and executing the sample in the emulation environment.

Abstract: The detection of phishing Portable Document Format (PDF) files using an image-based deep learning approach is disclosed. A PDF document that includes a Universal Resource Locator is received. A likelihood that the received PDF document represents a phishing threat is determined, at least in part, by using an image based model. A verdict for the PDF document is provided as output based at least in part on the determined likelihood.

Abstract: The present application discloses a method, system, and computer system for detecting malicious files. The method includes executing a sample in a virtual environment, and determining whether the sample is malware based at least in part on memory-use artifacts obtained in connection with execution of the sample in the virtual environment.

Abstract: Techniques for early exit dynamic analysis of a virtual machine are disclosed. In some embodiments, a system/process/computer program product for early exit dynamic analysis of a virtual machine includes initiating a dynamic analysis of a malware sample by executing the malware sample in a virtual computing environment; monitoring activities of the malware sample during execution of the malware sample in the virtual computing environment; and determining when to exit the dynamic analysis before a predetermined period of time.