Abstract: Techniques for identifying malware based on system API function pointers are disclosed. In some embodiments, a system/process/computer program product for identifying malware based on system API function pointers includes monitoring changes in memory during execution of a malware sample in a computing environment; detecting a dynamic evasion behavior using an Application Programming Interface (API) vector comprising a plurality of system API function pointers identified in the memory during execution of the malware sample in the computing environment; and generating a signature based on the API vector for automatically detecting the malware during execution in the memory, wherein the malware sample was determined to be malicious.

Abstract: Techniques for identifying malware based on system API function pointers are disclosed. In some embodiments, a system/process/computer program product for identifying malware based on system API function pointers includes monitoring changes in memory during execution of a malware sample in a computing environment; detecting a dynamic evasion behavior using an Application Programming Interface (API) vector comprising a plurality of system API function pointers identified in the memory during execution of the malware sample in the computing environment; and generating a signature based on the API vector for automatically detecting the malware during execution in the memory, wherein the malware sample was determined to be malicious.

Abstract: The present application discloses a method, system, and computer system for detecting malicious files. The method includes receiving a sample that comprises a .NET file, obtaining imported API function names based at least in part on a .NET header of the .NET file, determining a hash of a list of unmanaged imported API function names, and determining whether the sample is malware based at least in part on the hash of the list of unmanaged imported API function names.

Abstract: Techniques for early exit dynamic analysis of a virtual machine are disclosed. In some embodiments, a system/process/computer program product for early exit dynamic analysis of a virtual machine includes initiating a dynamic analysis of a malware sample by executing the malware sample in a virtual computing environment; monitoring activities of the malware sample during execution of the malware sample in the virtual computing environment; and determining when to exit the dynamic analysis before a predetermined period of time.

Abstract: The present application discloses a method, system, and computer system for detecting malicious files. The method includes (a) receiving a sample for malware analysis, (b) applying a machine learning model to obtain a classification for the sample based at least in part on (i) memory artifact data associated with the sample, and (ii) at least one of dynamic execution log data for the sample and static file structures associated with the sample, and (c) determining whether the sample is malicious based at least in part on the classification.

Abstract: Techniques for early exit dynamic analysis of a virtual machine are disclosed. In some embodiments, a system/process/computer program product for early exit dynamic analysis of a virtual machine includes initiating a dynamic analysis of a malware sample by executing the malware sample in a virtual computing environment; monitoring activities of the malware sample during execution of the malware sample in the virtual computing environment; and determining when to exit the dynamic analysis before a predetermined period of time.

Abstract: Techniques for dependency emulation for executable samples are disclosed. In some embodiments, a system/process/computer program product for dependency emulation for executable samples includes receiving a sample for emulation for malware detection; determining that one or more libraries are missing from the sample for execution of the sample in an emulation environment; generating one or more stub libraries to facilitate the execution of the sample in the emulation environment; and executing the sample in the emulation environment.

Abstract: A guide device for a machine tool including a base body having at least one contact surface, a guide rail having at least one bearing surface and a guide axis, and a plurality of exchangeable support plates for positioning the guide rail on the base body.

Abstract: The present application discloses a method, system, and computer system for detecting malicious .NET files. The method includes receiving a sample that comprises a .NET file, obtaining information pertaining to common language runtime (CLR) metadata and streams associated with the .NET file, and determining whether the sample is malware based at least in part on (i) a classifier, and (ii) the information pertaining to the CLR metadata and streams.

Abstract: The present application discloses a method, system, and computer system for detecting malicious files. The method includes executing a sample in a virtual environment, and determining whether the sample is malware based at least in part on memory-use artifacts obtained in connection with execution of the sample in the virtual environment.

Abstract: The present invention relates to a central tool storage device WL with a tool storage S, containing a plurality of wheel magazines S3 positioned one behind the other, a movable manipulator S12 as well as a provisioning station S4 provided with a movable provisioning bar S4 and a mobile transport unit E, which, for providing tools W for a machine tool WM spaced apart, removes a tool W from the wheel magazines with the aid of the manipulator S12 and transfers it via the provisioning bar S4 to the provisioning station S2 of the mobile transport unit E to transport it to the respective machine tool WM without a guide or track, and which, for storing tools W received from at least one machine tool WM, transfers the tool W via the mobile transport unit E to the provisioning bar S4 of the provisioning station S2 and removes it from the provisioning bar S2 with the aid of the manipulator S12 and adds it to a wheel magazine S3 of the tool storage S.

Abstract: The present application discloses a method, system, and computer system for detecting malicious files. The method includes receiving a sample that comprises a .NET file, obtaining imported API function names based at least in part on a .NET header of the .NET file, determining a hash of a list of unmanaged imported API function names, and determining whether the sample is malware based at least in part on the hash of the list of unmanaged imported API function names.

Abstract: Techniques for detecting malware via scanning for dynamically generated function pointers in memory are disclosed. In some embodiments, a system/process/computer program product for detecting malware via scanning for dynamically generated function pointers in memory includes detecting a dynamically generated function pointer in memory based on an analysis of monitored changes in memory during execution of a malware sample in a computing environment; and generating a signature based on detection of the dynamically generated function pointer in memory, wherein the malware sample was determined to be malicious.

Abstract: Techniques for early exit dynamic analysis of a virtual machine are disclosed. In some embodiments, a system/process/computer program product for early exit dynamic analysis of a virtual machine includes initiating a dynamic analysis of a malware sample by executing the malware sample in a virtual computing environment; monitoring activities of the malware sample during execution of the malware sample in the virtual computing environment; and determining when to exit the dynamic analysis before a predetermined period of time.

Abstract: The present invention relates to a guide device for a machine tool comprising a base body having at least one contact surface, a guide rail having at least one bearing surface and a guide axis, and a plurality of exchangeable support plates for positioning the guide rail on the base body.

Abstract: Techniques for detecting malware via scanning for dynamically generated function pointers in memory are disclosed. In some embodiments, a system/process/computer program product for detecting malware via scanning for dynamically generated function pointers in memory includes detecting a dynamically generated function pointer in memory based on an analysis of monitored changes in memory during execution of a malware sample in a computing environment; and generating a signature based on detection of the dynamically generated function pointer in memory, wherein the malware sample was determined to be malicious.

Abstract: The present invention relates to a machine tool 1000, comprising: a machine table 200 pivotable about a pivot axis 230 for clamping a workpiece WS, a workpiece magazine 300 with a plurality of magazine locations 310 for receiving respective workpieces WS, and a workpiece changing device 400 for introducing or exchanging a workpiece WS on the machine table 200, wherein the pivotable machine table 200 is configured to pivot into a changing position for introducing or exchanging the workpiece WS on the machine table 200 by means of the workpiece changing device, and the workpiece changing device 400 is configured to introduce or exchange the workpiece on the machine table 200 pivoted into the changing position.

Abstract: Techniques for detecting malware via scanning for dynamically generated function pointers in memory are disclosed. In some embodiments, a system/process/computer program product for detecting malware via scanning for dynamically generated function pointers in memory includes monitoring changes in memory during execution of a malware sample in a computing environment; detecting a dynamically generated function pointer in memory based on an analysis of the monitored changes in memory during execution of the malware sample in the computing environment; and generating a signature based on detection of the dynamically generated function pointer in memory, wherein the malware sample was determined to be malicious.

Abstract: Techniques for efficient program deobfuscation through system application program interface (API) instrumentation are disclosed. In some embodiments, a system/process/computer program product for efficient program deobfuscation through system API instrumentation includes monitoring changes in memory after a system call event during execution of a malware sample in a computing environment; and generating a signature based on an analysis of the monitored changes in memory after the system call event during execution of the malware sample in the computing environment.

Abstract: A flexible circuit board including a substrate with a first side and an opposing second side, wherein the substrate is of a colorless polyimide; first and second circuit patterns formed by deposition of ink on the first and second sides, respectively; at least one opening to interconnect the first and second circuit patterns; and first and second cover layers applied on the first and second circuit patterns, respectively, wherein the first and second cover layers are of a colorless polyimide.