Patents by Inventor Esmid Idrizovic

Esmid Idrizovic has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 12657286
    Abstract: Techniques for early exit dynamic analysis of a virtual machine are disclosed. In some embodiments, a system/process/computer program product for early exit dynamic analysis of a virtual machine includes initiating a dynamic analysis of a malware sample by executing the malware sample in a virtual computing environment; monitoring activities of the malware sample during execution of the malware sample in the virtual computing environment; and determining when to exit the dynamic analysis before a predetermined period of time.
    Type: Grant
    Filed: July 29, 2024
    Date of Patent: June 16, 2026
    Assignee: Palo Alto Networks, Inc.
    Inventors: Esmid Idrizovic, Daniel Raygoza, Robert Jung, Michael S. Hughes
  • Publication number: 20260147892
    Abstract: The present application discloses a method, system, and computer system for detecting malicious files. The method includes executing a sample in a virtual environment, and determining whether the sample is malware based at least in part on memory-use artifacts obtained in connection with execution of the sample in the virtual environment.
    Type: Application
    Filed: January 21, 2026
    Publication date: May 28, 2026
    Inventors: Sujit Rokka Chhetri, Akshata Krishnamoorthy Rao, Daniel Raygoza, Esmid Idrizovic, William Redington Hewlett II, Robert Jung
  • Publication number: 20260093516
    Abstract: Techniques for providing enhanced live virtual machine file system instrumentation for security analysis are disclosed. In some embodiments, a system/process/computer program product for providing enhanced live virtual machine file system instrumentation for security analysis includes receiving a sample for automated dynamic analysis using a computing environment; freezing time in the computing environment in response to detecting an event during execution of the sample in the computing environment and reassembling one or more files; and performing an automated malware analysis using results of the automated dynamic analysis and the one or more reassembled files.
    Type: Application
    Filed: September 30, 2024
    Publication date: April 2, 2026
    Inventors: Robert Jung, Michael S. Hughes, Daniel Raygoza, Esmid Idrizovic, Abhiroop Dabral
  • Patent number: 12561434
    Abstract: The present application discloses a method, system, and computer system for detecting malicious files. The method includes executing a sample in a virtual environment, and determining whether the sample is malware based at least in part on memory-use artifacts obtained in connection with execution of the sample in the virtual environment.
    Type: Grant
    Filed: April 7, 2022
    Date of Patent: February 24, 2026
    Assignee: Palo Alto Networks, Inc.
    Inventors: Sujit Rokka Chhetri, Akshata Krishnamoorthy Rao, Daniel Raygoza, Esmid Idrizovic, William Redington Hewlett, II, Robert Jung
  • Publication number: 20250294053
    Abstract: The detection of phishing Portable Document Format (PDF) files using an image-based deep learning approach is disclosed. A PDF document is received. A likelihood that the received PDF document represents a threat is determined, at least in part, by using an image based model that was previously trained, at least in part, using a plurality of images that were generated using one or more tools that collectively convert a set of given PDF document files to the respective plurality of images. A verdict for the PDF document is provided as output based at least in part on the determined likelihood.
    Type: Application
    Filed: May 30, 2025
    Publication date: September 18, 2025
    Inventors: Min Du, Hao Huang, Curtis Leland Carmony, Wenjun Hu, Daniel Raygoza, Tyler Pals Halfpop, Jeff White, Esmid Idrizovic
  • Patent number: 12348560
    Abstract: The detection of phishing Portable Document Format (PDF) files using an image-based deep learning approach is disclosed. A PDF document that includes a Universal Resource Locator is received. A likelihood that the received PDF document represents a phishing threat is determined, at least in part, by using an image based model. A verdict for the PDF document is provided as output based at least in part on the determined likelihood.
    Type: Grant
    Filed: May 2, 2022
    Date of Patent: July 1, 2025
    Assignee: Palo Alto Networks, Inc.
    Inventors: Min Du, Hao Huang, Curtis Leland Carmony, Wenjun Hu, Daniel Raygoza, Tyler Pals Halfpop, Jeff White, Esmid Idrizovic
  • Publication number: 20250124130
    Abstract: Techniques for identifying malware based on system API function pointers are disclosed. In some embodiments, a system/process/computer program product for identifying malware based on system API function pointers includes monitoring changes in memory during execution of a malware sample in a computing environment; detecting a dynamic evasion behavior using an Application Programming Interface (API) vector comprising a plurality of system API function pointers identified in the memory during execution of the malware sample in the computing environment; and generating a signature based on the API vector for automatically detecting the malware during execution in the memory, wherein the malware sample was determined to be malicious.
    Type: Application
    Filed: December 23, 2024
    Publication date: April 17, 2025
    Inventors: Robert Jung, Daniel Raygoza, Michael S. Hughes, Esmid Idrizovic
  • Patent number: 12223044
    Abstract: Techniques for identifying malware based on system API function pointers are disclosed. In some embodiments, a system/process/computer program product for identifying malware based on system API function pointers includes monitoring changes in memory during execution of a malware sample in a computing environment; detecting a dynamic evasion behavior using an Application Programming Interface (API) vector comprising a plurality of system API function pointers identified in the memory during execution of the malware sample in the computing environment; and generating a signature based on the API vector for automatically detecting the malware during execution in the memory, wherein the malware sample was determined to be malicious.
    Type: Grant
    Filed: July 12, 2021
    Date of Patent: February 11, 2025
    Assignee: Palo Alto Networks, Inc.
    Inventors: Robert Jung, Daniel Raygoza, Michael S. Hughes, Esmid Idrizovic
  • Publication number: 20240386092
    Abstract: Techniques for early exit dynamic analysis of a virtual machine are disclosed. In some embodiments, a system/process/computer program product for early exit dynamic analysis of a virtual machine includes initiating a dynamic analysis of a malware sample by executing the malware sample in a virtual computing environment; monitoring activities of the malware sample during execution of the malware sample in the virtual computing environment; and determining when to exit the dynamic analysis before a predetermined period of time.
    Type: Application
    Filed: July 29, 2024
    Publication date: November 21, 2024
    Inventors: Esmid Idrizovic, Daniel Raygoza, Robert Jung, Michael S. Hughes
  • Publication number: 20240345863
    Abstract: A hypervisor-based service monitors antimalware scan interface (AMSI) events triggered from inside a virtual machine (VM) to analyze behavior of software samples. A sample is loaded into a VM for execution by an AMSI-enabled application/service of the VM. The monitoring service can register a dummy AMSI provider for the VM, which enables the AMSI for compatible applications/services of the VM upon registration but does not implement buffer scanning or analysis. The monitoring service hooks into at least a first function of the AMSI by which buffers are submitted for a malware scan. Upon invocation of the function from inside the VM, the monitoring service intercepts the buffer submission and analyzes the buffer based on criteria for detecting an AMSI bypass attempt. If at least a first AMSI bypass detection criterion is satisfied, the monitoring service blocks the attempted AMSI bypass and continues monitoring execution of the sample.
    Type: Application
    Filed: July 6, 2023
    Publication date: October 17, 2024
    Inventors: Michael Sean Hughes, Esmid Idrizovic, Robert Alphonse Jung, Saqib Ahmed Khanzada
  • Publication number: 20240320338
    Abstract: The present application discloses a method, system, and computer system for detecting malicious files. The method includes (a) receiving a sample for malware analysis, (b) applying a machine learning model to obtain a classification for the sample based at least in part on (i) memory artifact data associated with the sample, and (ii) at least one of dynamic execution log data for the sample and static file structures associated with the sample, and (c) determining whether the sample is malicious based at least in part on the classification.
    Type: Application
    Filed: April 23, 2024
    Publication date: September 26, 2024
    Inventors: Sujit Rokka Chhetri, Akshata Krishnamoorthy Rao, Daniel Raygoza, Esmid Idrizovic, William Redington Hewlett II, Robert Jung
  • Patent number: 12086235
    Abstract: Techniques for early exit dynamic analysis of a virtual machine are disclosed. In some embodiments, a system/process/computer program product for early exit dynamic analysis of a virtual machine includes initiating a dynamic analysis of a malware sample by executing the malware sample in a virtual computing environment; monitoring activities of the malware sample during execution of the malware sample in the virtual computing environment; and determining when to exit the dynamic analysis before a predetermined period of time.
    Type: Grant
    Filed: June 30, 2021
    Date of Patent: September 10, 2024
    Assignee: Palo Alto Networks, Inc.
    Inventors: Esmid Idrizovic, Daniel Raygoza, Robert Jung, Michael S. Hughes
  • Publication number: 20240176869
    Abstract: Techniques for dependency emulation for executable samples are disclosed. In some embodiments, a system/process/computer program product for dependency emulation for executable samples includes receiving a sample for emulation for malware detection; determining that one or more libraries are missing from the sample for execution of the sample in an emulation environment; generating one or more stub libraries to facilitate the execution of the sample in the emulation environment; and executing the sample in the emulation environment.
    Type: Application
    Filed: November 30, 2022
    Publication date: May 30, 2024
    Inventors: Esmid Idrizovic, Robert Jung, Daniel Raygoza, Michael S. Hughes
  • Publication number: 20230344867
    Abstract: The detection of phishing Portable Document Format (PDF) files using an image-based deep learning approach is disclosed. A PDF document that includes a Universal Resource Locator is received. A likelihood that the received PDF document represents a phishing threat is determined, at least in part, by using an image based model. A verdict for the PDF document is provided as output based at least in part on the determined likelihood.
    Type: Application
    Filed: May 2, 2022
    Publication date: October 26, 2023
    Inventors: Min Du, Hao Huang, Curtis Leland Carmony, Wenjun Hu, Daniel Raygoza, Tyler Pals Halfpop, Jeff White, Esmid Idrizovic
  • Publication number: 20230325501
    Abstract: The present application discloses a method, system, and computer system for detecting malicious files. The method includes executing a sample in a virtual environment, and determining whether the sample is malware based at least in part on memory-use artifacts obtained in connection with execution of the sample in the virtual environment.
    Type: Application
    Filed: April 7, 2022
    Publication date: October 12, 2023
    Inventors: Sujit Rokka Chhetri, Akshata Krishnamoorthy Rao, Daniel Raygoza, Esmid Idrizovic, William Redington Hewlett, II, Robert Jung
  • Publication number: 20230004639
    Abstract: Techniques for early exit dynamic analysis of a virtual machine are disclosed. In some embodiments, a system/process/computer program product for early exit dynamic analysis of a virtual machine includes initiating a dynamic analysis of a malware sample by executing the malware sample in a virtual computing environment; monitoring activities of the malware sample during execution of the malware sample in the virtual computing environment; and determining when to exit the dynamic analysis before a predetermined period of time.
    Type: Application
    Filed: June 30, 2021
    Publication date: January 5, 2023
    Inventors: Esmid Idrizovic, Daniel Raygoza, Robert Jung, Michael S. Hughes