Patents by Inventor Rachit Mathur

Rachit Mathur has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 8176559
    Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for obfuscated malware. In one aspect, a method includes executing from a binary executable a call instruction and a plurality of instruction subsequent to a target of the call instruction, determining if the value identified by the stack pointer of the call stack is equal to a default value stored in the call stack prior to emulation, determining if there is a non-obfuscation signal resulting from the execution of the call instructions and the plurality of instructions, and if the value identified by the stack pointer is the default value and there is no obfuscation signal, identifying the call instruction as a possibly obfuscated call instruction; Additionally, the method includes determining that if the number of call instructions identified as possibly obfuscated call instructions exceeds a threshold number, identifying the binary executable as an obfuscated executable.
    Type: Grant
    Filed: December 16, 2009
    Date of Patent: May 8, 2012
    Assignee: McAfee, Inc.
    Inventors: Rachit Mathur, Cedric Cochin
  • Publication number: 20110283358
    Abstract: A method for detecting removal of a filter driver includes performing an operation on an element of a kernel mode of an operating system, the operation initiated by a user mode entity, obtaining the result of performing the operation, and comparing the result of performing the operation against an expected result of the operation. If the result of performing the operation matches the expected result of the operation, it is determined that a file system filter driver in the kernel mode of the operating system is working correctly. If the result of performing the operation does not match the expected result of the operation, it is determined that a file system filter driver in the kernel mode of the operating system has been compromised by malware.
    Type: Application
    Filed: May 17, 2010
    Publication date: November 17, 2011
    Applicant: MCAFEE, INC.
    Inventors: Cedric Cochin, Rachit Mathur, Tracy E. Camp
  • Publication number: 20110145921
    Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for obfuscated malware. In one aspect, a method includes executing from a binary executable a call instruction and a plurality of instruction subsequent to a target of the call instruction, determining if the value identified by the stack pointer of the call stack is equal to a default value stored in the call stack prior to emulation, determining if there is a non-obfuscation signal resulting from the execution of the call instructions and the plurality of instructions, and if the value identified by the stack pointer is the default value and there is no obfuscation signal, identifying the call instruction as a possibly obfuscated call instruction; Additionally, the method includes determining that if the number of call instructions identified as possibly obfuscated call instructions exceeds a threshold number, identifying the binary executable as an obfuscated executable.
    Type: Application
    Filed: December 16, 2009
    Publication date: June 16, 2011
    Applicant: McAfee, Inc.
    Inventors: Rachit Mathur, Cedric Cochin