Patents by Inventor Michael Vincent
Michael Vincent has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11949698
Abstract: According to one embodiment, a non-transitory storage medium is configured to store a plurality of engines, which operate to conduct an analysis of a received object to determine if the object is associated with a malicious attack. The plurality of engines includes a first engine and a second engine. The first engine is configured to conduct a first analysis of the received object for anomalous behaviors including anomalous actions or omissions during virtual processing of the object that indicate the received object is malicious. The second engine is configured to conduct a second analysis corresponding to a classification of the object as being associated with a malicious attack. The analysis schemes conducted by the first engine and the second engine may be altered via configuration files, which adjust (i) parameter value(s) or (ii) operation rule(s) to alter the analysis conducted by the first engine and/or second engine.
Type: Grant
Filed: March 31, 2022
Date of Patent: April 2, 2024
Assignee: Musarubra US LLC
Inventors: Michael Vincent, Emmanuel Thioux, Sai Vashisht, Darien Kindlund
-
Patent number: 11868795
Abstract: Selective virtualization of resources is provided, where the resources may be intercepted and services or the resources may be intercepted and redirected. Virtualization logic monitors for one or more activities that are performed in connection with one or more resources and conducted during processing of an object within the virtual machine. The first virtualization logic further selectively virtualizes resources associated with the one or more activities that are initiated during the processing of the object within the virtual machine by at least redirecting a first request of a plurality of requests to a different resource than requested by a monitored activity of the one or more activities.
Type: Grant
Filed: April 3, 2022
Date of Patent: January 9, 2024
Assignee: Musarubra US LLC
Inventors: Sushant Paithane, Michael Vincent
-
Publication number: 20220372171
Abstract: The disclosure is directed to a polyclonal antibody composition comprising a heterologous population of mammalian antibodies capable of specifically binding to tenofovir or a tenofovir derivative in a sample. Methods and assays for detecting tenofovir or a tenofovir derivative in a sample using the polyclonal antibody composition also are provided.
Type: Application
Filed: September 18, 2020
Publication date: November 24, 2022
Inventors: Michael Vincent, Warren Rodrigues, Monica Gandhi, Guohong Wang
-
Patent number: 11294705
Abstract: Selective virtualization of resources is provided, where the resources may be intercepted and services or the resources may be intercepted and redirected. Virtualization logic monitors for one or more activities that are performed in connection with one or more resources and conducted during processing of an object within the virtual machine. The first virtualization logic further selectively virtualizes resources associated with the one or more activities that are initiated during the processing of the object within the virtual machine by at least redirecting a first request of a plurality of requests to a different resource than requested by a monitored activity of the one or more activities.
Type: Grant
Filed: September 16, 2019
Date of Patent: April 5, 2022
Assignee: FireEye Security Holdings US LLC
Inventors: Sushant Paithane, Michael Vincent
-
Patent number: 11297074
Abstract: According to one embodiment, an apparatus comprises a processor and memory. Communicatively coupled to the processor, the memory includes a detection module that, when executed, conducts an analysis of a received object to determine if the received object is associated with a malicious attack. The detection module is configurable, and thus, certain capabilities can be enabled, disabled or modified. The analysis is to be altered upon receipt of a configuration file that includes information to alter one or more rules controlling the analysis conducted by the detection module.
Type: Grant
Filed: July 1, 2019
Date of Patent: April 5, 2022
Assignee: FireEye Security Holdings, Inc.
Inventors: Michael Vincent, Emmanuel Thioux, Sai Vashisht, Darien Kindlund
-
Patent number: 10848521
Abstract: Techniques for detecting malicious content using simulated user interactions are described herein. In one embodiment, a monitoring module monitors activities of a malicious content suspect executed within a sandboxed operating environment. In response to detection of a predetermined event triggered by the malicious content suspect requesting a user action on a graphical user interface (GUI) presented by the malicious content suspect, a user interaction module simulates a user interaction with the GUI without user intervention. An analysis module analyzes activities of the malicious content suspect in response to the simulated user interaction to determine whether the malicious content suspect should be declared as malicious.
Type: Grant
Filed: March 5, 2018
Date of Patent: November 24, 2020
Assignee: FireEye, Inc.
Inventors: Emmanuel Thioux, Muhammad Amin, Darien Kindlund, Alex Pilpenko, Michael Vincent
-
Patent number: 10817606
Abstract: A malicious content detection (MCD) system and a computerized method for manipulating time uses a time controller operating within the MCD system in order to capture the behavior of delayed activation malware (time bombs). The time controller may include a monitoring agent located in a software layer of a virtual environment configured to intercept software calls (e.g., API calls or system calls) and/or other time checks that seek to obtain a “current time,” and time-dilation action logic located in a different layer configured to respond to the software calls by providing a “false” current time that indicates considerably more time has transpired than the real clock.
Type: Grant
Filed: June 29, 2016
Date of Patent: October 27, 2020
Assignee: FireEye, Inc.
Inventor: Michael Vincent
-
Patent number: 10713362
Abstract: A method of detecting malware in a specimen of computer content or network traffic is described. The method features conducting a first analysis on the specimen in accordance with a first plurality of analyses and an order of the first plurality of analyses. A second analysis is conducted on the specimen different than the first analysis type. Thereafter, further analyses on the specimen may be altered by modifying information associated with the first plurality of analyses or the order of the first plurality of analyses in response to feedback information based on results from at least the first analysis. The modified information changes a malware analysis of the specimen from being conducted in accordance with the first plurality of analyses to being conducted in accordance with a second plurality of analyses different in analysis type or in order of analyses than the first plurality of analyses.
Type: Grant
Filed: March 5, 2018
Date of Patent: July 14, 2020
Assignee: FireEye, Inc.
Inventors: Michael Vincent, Ali Mesdaq, Emmanuel Thioux, Abhishek Singh, Sai Vashisht
-
Patent number: 10706149
Abstract: A malicious content detection (MCD) system and a computerized method for manipulating time uses two or more time controllers operating within the MCD system in order to capture the behavior of delayed activation malware (time bombs). Each time controller may include a monitoring agent located in a software layer of a computer runtime environment configured to intercept software calls (e.g., API calls or system calls) and/or other time checks that seek to obtain a “current time,” and time-dilation action logic located in a different layer (e.g., a hypervisor layer) configured to respond to the software calls by providing a “false” current time that indicates considerably more time has transpired than the real clock. Additionally, a primary controller may be used in some embodiments to configure and manage the time controllers.
Type: Grant
Filed: June 29, 2016
Date of Patent: July 7, 2020
Assignee: FireEye, Inc.
Inventor: Michael Vincent
-
Patent number: 10671726
Abstract: According to one embodiment, a computerized method comprises processing one or more objects by a first thread of execution that are part of a multi-thread process, monitoring events that occur during the processing of the one or more objects by the first thread, and storing information associated with the monitored events within an event log. The stored information comprises at least an identifier of the first thread to maintain an association between the monitored events and the first thread. Subsequently, the stored information within the event log is accessed for rendering a graphical display of the monitored events detected during processing of the one or more objects by the first thread on a display screen.
Type: Grant
Filed: September 22, 2014
Date of Patent: June 2, 2020
Assignee: FireEye Inc.
Inventors: Sushant Paithane, Michael Vincent, Sai Vashisht
-
Patent number: 10565378
Abstract: A non-transitory storage medium having stored thereon logic, the logic being executable by one or more processors to perform operations including comparing a current privilege of a first process with an initial privilege of the first process recorded in a privilege list, and responsive to determining a change exists between the current privilege of the first process and the initial privilege of the first process that is greater than a predetermined threshold, determining the first process is operating with the current privilege due to an exploit of privilege attack is shown.
Type: Grant
Filed: June 29, 2016
Date of Patent: February 18, 2020
Assignee: FireEye, Inc.
Inventors: Michael Vincent, Sai Omkar Vashist, Jonas Pfoh
-
Patent number: 10515214
Abstract: According to one embodiment, a system of detecting malware in a specimen of computer content or network traffic comprises a processor and a memory. The memory includes a first analysis logic and a second analysis logic that may be executed by the processor. Upon execution, the first analysis logic performs a static analysis in accordance with an analysis plan to identify one or more suspicious indicators associated with malware and one or more characteristics related to processing of the specimen. The second analysis logic performs a second analysis in accordance with the analysis plan by processing of the specimen in a virtual machine and monitoring for one or more unexpected behaviors during virtual processing of the specimen in the virtual machine. The analysis plan may be altered based on the results of one of the analyses.
Type: Grant
Filed: October 23, 2015
Date of Patent: December 24, 2019
Assignee: FireEye, Inc.
Inventors: Michael Vincent, Ali Mesdaq, Emmanuel Thioux, Abhishek Singh, Sal Vashisht
-
Patent number: 10417031
Abstract: Selective virtualization of resources is provided, where the resources may be intercepted and services or the resources may be intercepted and redirected. Virtualization logic monitors for a first plurality of requests that are initiated during processing of an object within the virtual machine. Each of the first plurality of requests, such as system calls for example, is associated with an activity to be performed in connection with one or more resources. The virtualization logic selectively virtualizes resources associated with a second plurality of requests that are initiated during the processing of the object within the virtual machine, where the second plurality of requests is lesser in number than the first plurality of requests.
Type: Grant
Filed: March 25, 2016
Date of Patent: September 17, 2019
Assignee: FireEye, Inc.
Inventors: Sushant Paithane, Michael Vincent
-
Patent number: 10381295
Abstract: Embodiments of a packaged semiconductor device are provided, which includes a flag of a lead frame having a top surface and a bottom surface; a redistribution layer (RDL) structure formed on the top surface of the flag, the RDL structure including a first connection path having a first exposed bonding surface in a top surface of the RDL structure; and a first wirebond connected to the first exposed bonding surface and to a lead of the lead frame.
Type: Grant
Filed: September 12, 2017
Date of Patent: August 13, 2019
Assignee: NXP USA, Inc.
Inventors: Michael Vincent, Ryan Hooper, Dwight Daniels
-
Patent number: 10341363
Abstract: According to one embodiment, an apparatus comprises a processor and memory. Communicatively coupled to the processor, the memory includes a detection module that, when executed, conducts an analysis of a received object to determine if the received object is associated with a malicious attack. The detection module is configurable, and thus, certain capabilities can be enabled, disabled or modified. The analysis is to be altered upon receipt of a configuration file that includes information to alter one or more rules controlling the analysis conducted by the detection module.
Type: Grant
Filed: December 28, 2015
Date of Patent: July 2, 2019
Assignee: FireEye, Inc.
Inventors: Michael Vincent, Emmanuel Thioux, Sai Vashisht, Darien Kindlund
-
Patent number: 10335738
Abstract: According to one embodiment, a system comprises one or more counters; comparison logic; and one or more hardware processors communicatively coupled to the one or more counters and the comparison logic. The one or more hardware processors are configured to instantiate one or more virtual machines that are adapted to analyze received content, where the one or more virtual machines are configured to monitor a delay caused by one or more events conducted during processing of the content and identify the content as including malware if the delay exceeds a first time period.
Type: Grant
Filed: September 24, 2018
Date of Patent: July 2, 2019
Assignee: FireEye, Inc.
Inventors: Sushant Paithane, Michael Vincent, Sai Vashisht, Darien Kindlund
-
Publication number: 20190080991
Abstract: Embodiments of a packaged semiconductor device are provided, which includes a flag of a lead frame having a top surface and a bottom surface; a redistribution layer (RDL) structure formed on the top surface of the flag, the RDL structure including a first connection path having a first exposed bonding surface in a top surface of the RDL structure; and a first wirebond connected to the first exposed bonding surface and to a lead of the lead frame.
Type: Application
Filed: September 12, 2017
Publication date: March 14, 2019
Inventors: Michael VINCENT, Ryan HOOPER, Dwight DANIELS
-
Patent number: 10129217
Abstract: A first information handling system receives a security challenge and forwards it to a second information handling system. The second information handling system retrieves a private key from a public/private encryption key pair and satisfies the challenge with the private key. The second information handling system forwards the satisfied challenge without divulging the private key. The second information handling system is in a more secure environment than the first information handling system. The challenge may be satisfied by signing the challenge with the private key. Satisfying the challenge may be a step in creating a secure shell connection between the first information handling system and an organization maintaining the first information handling system and the second information handling system.
Type: Grant
Filed: October 26, 2015
Date of Patent: November 13, 2018
Assignee: DELL SOFTWARE, INC.
Inventors: Carolyn Duby, Mark B. King, Aric LeDell, Elchanan Oren, Michael Vincent
-
Patent number: 10083302
Abstract: According to one embodiment, a system comprises one or more counters; comparison logic; and one or more hardware processors communicatively coupled to the one or more counters and the comparison logic. The one or more hardware processors are configured to instantiate one or more virtual machines that are adapted to analyze received content, where the one or more virtual machines are configured to monitor a delay caused by one or more events conducted during processing of the content and identify the content as including malware if the delay exceeds a first time period.
Type: Grant
Filed: December 29, 2016
Date of Patent: September 25, 2018
Assignee: FireEye, Inc.
Inventors: Sushant Paithane, Michael Vincent, Sai Vashisht, Darien Kindlund
-
Patent number: 9910988
Abstract: Techniques for malware detection are described. Herein, a system, which detects malware in a received specimen, comprises a processor and a memory. Communicatively coupled to the processor, the memory comprises a controller that controls analysis of the specimen for malware in accordance with an analysis plan. The memory further comprises (a) a static analysis module that performs at least a first static analysis to identify a suspicious indicator of malware and at least partially determine that the specimen includes a packed object; (b) an emulation analysis module that emulates operations associated with processing of the specimen by a software application or library, including unpacking an object of the specimen when the specimen is determined by the static analysis module to include the packed object, and monitors one or more behaviors of the specimen during the emulated operations; and a classifier that determines whether the specimen should be classified as malicious.
Type: Grant
Filed: October 23, 2015
Date of Patent: March 6, 2018
Assignee: FireEye, Inc.
Inventors: Michael Vincent, Ali Mesdaq, Emmanuel Thioux, Abhishek Singh, Sal Vashisht