Abstract: Systems and methods are provided for malware scanning and detection in a computing system. In one exemplary embodiment, the method includes launching, in a computing device of the computing system, a virtual machine, and launching, in the virtual machine of the computing device, an internet browser. The method also includes requesting, by the internet browser, data from a web page, and performing, using one or more analysis tools, analysis on the web page. In the method, performing analysis on the web page includes performing monitoring and recording of system application programming interface (API) calls, and creating software objects associated with the web page. The method also includes performing antivirus scanning of the software objects, de-obfuscating JavaScript associated with the software objects, and correlating data associated with the performed analysis to determine if the web page is a malicious web page.

Abstract: Systems and methods are provided for malware scanning and detection in a computing system. In one exemplary embodiment, the method includes launching, in a computing device of the computing system, a virtual machine, and launching, in the virtual machine of the computing device, an internet browser. The method also includes requesting, by the internet browser, data from a web page, and performing, using one or more analysis tools, analysis on the web page. In the method, performing analysis on the web page includes performing monitoring and recording of system application programming interface (API) calls, and creating software objects associated with the web page. The method also includes performing antivirus scanning of the software objects, de-obfuscating JavaScript associated with the software objects, and correlating data associated with the performed analysis to determine if the web page is a malicious web page.

Abstract: Systems and methods are disclosed for identifying objects from a collection of objects of diverse types that match a pattern. In one implementation, a system includes a processor and a memory. The memory stores instructions that cause the processor to receive a pattern input text identifying the pattern to be matched. The pattern input text comprises one or more conditions and a match statement. The processor also receives a collection of objects of diverse types, where each object comprises at least an attribute and a value associated with the attribute. The processor analyzes each object to determine whether the object satisfies the match statement based on an application of the one or more conditions to the attributes and attribute values for the object. If the processor determines that the object satisfies the match statement, the processor creates an output comprising an indication of the object and the conditions that caused the match statement to be satisfied.

Abstract: A system, method, and computer-readable medium for detecting malicious computer code are provided. Instructions, such as HTML or JavaScript instructions may be received from a server, parsed, and executed. During execution of the instructions, one or more functions of a software application, such as a web browser, may be hooked, and an event object may be created for each called function that is hooked, resulting in a collection of event objects. Rules may be matched with event objects of the collection of event objects to detect malicious code. Attributes from the matched event objects may then be used to locate original malicious script or code injected into a web page.

Abstract: Systems and methods are disclosed for identifying objects from a collection of objects of diverse types that match a pattern. In one implementation, a system includes a processor and a memory. The memory stores instructions that cause the processor to receive a pattern input text identifying the pattern to be matched. The pattern input text comprises one or more conditions and a match statement. The processor also receives a collection of objects of diverse types, where each object comprises at least an attribute and a value associated with the attribute. The processor analyzes each object to determine whether the object satisfies the match statement based on an application of the one or more conditions to the attributes and attribute values for the object. If the processor determines that the object satisfies the match statement, the processor creates an output comprising an indication of the object and the conditions that caused the match statement to be satisfied.

Abstract: Systems and methods are provided for malware scanning and detection in a computing system. In one exemplary embodiment, the method includes launching, in a computing device of the computing system, a virtual machine, and launching, in the virtual machine of the computing device, an internet browser. The method also includes requesting, by the internet browser, data from a web page, and performing, using one or more analysis tools, analysis on the web page. In the method, performing analysis on the web page includes performing monitoring and recording of system application programming interface (API) calls, and creating software objects associated with the web page. The method also includes performing antivirus scanning of the software objects, de-obfuscating JavaScript associated with the software objects, and correlating data associated with the performed analysis to determine if the web page is a malicious web page.

Abstract: Systems and methods are provided for malware scanning and detection. In one exemplary embodiment, the method includes a hub computing device that receives, from a controller computing device, a scan request, and identifies spoke computing devices for performing the scan request. The method performed by the hub computing device also includes sending to the identified spoke computing devices, the scan request, receiving, from the spoke computing devices, results associated with the scan request, and sending, to the controller computing device, the results associated with the scan request.