Abstract: Disclosed are systems and methods for training and retraining a model for detection of malicious activity from container files, which contain at least two or more objects constituting logically separate data regions. Parameters of each object chosen from at least one safe container and one malicious container are determined which uniquely characterize the functional relation of the mentioned object to at least one selected object. Convolutions are formed separately for each container on the basis of the determined parameters of the objects, which are used to train a machine learning model for detecting malicious container files.

Abstract: A system and method is provided for determining whether an electronic file is malicious. An exemplary method includes extracting resources from an electronic file; forming a first rule that establishes a functional dependency between the extracted resources; identifying, in a database of malicious file resources, a second rule associated with one or more of the extracted resources; comparing the formed first rule with the identified second rule to calculate a degree of similarity between first and second rules; and determining the electronic file to be a malicious file when the calculated degree of similarity exceeds a predetermined threshold value.

Abstract: Disclosed are systems and methods for emulating execution of a file based on emulation time. In one aspect, an exemplary method comprises, generating an image of a file, emulating an execution of instructions from the image for a predetermined emulation time, the emulation including: when an emulation of an execution of instruction from an image of another file is needed, generating an image of the another file, detecting known set of instructions in portions read from the image, inserting a break point into a position in the generated image corresponding to a start of the detected set of instructions, emulating execution of the another file by emulating execution of instructions from the generated image, and adding corresponding records to an emulation log, and reading a next portion from the image of the another file and repeating the emulation until the predetermined emulation time has elapsed.

Abstract: Disclosed are systems and methods for detection of malicious intermediate language files. In one exemplary aspect, the system comprises a database comprising hashes of known malicious files, a resource allocation module configured to select a set of resources from a file being analyzed, a hash calculation module, coupled to the resource allocation module, configured to calculate a perceptive hash of the set of resources; and an analysis module, coupled to the other modules, configured to identify a degree of similarly between the set of resources and a set of resources from known malicious files by comparing the perceptive hash with perceptive hashes of the set of resources from known malicious files, determine a harmfulness of the file being analyzed based on the degree of similarity and remove or quarantine the file being analyzed when the harmfulness exceeds a predetermined threshold.

Abstract: Disclosed are systems and methods for emulating execution of a file based on emulation time. In one aspect, an exemplary method comprises, generating an image of a file, emulating an execution of instructions from the image for a predetermined emulation time, the emulation including: when an emulation of an execution of instruction from an image of another file is needed, generating an image of the another file, detecting known set of instructions in portions read from the image, inserting a break point into a position in the generated image corresponding to a start of the detected set of instructions, emulating execution of the another file by emulating execution of instructions from the generated image, and adding corresponding records to an emulation log, and reading a next portion from the image of the another file and repeating the emulation until the predetermined emulation time has elapsed.

Abstract: Disclosed are systems and methods for emulating execution of a file. An image of a file is formed, which is comprised of instructions read from the file. An analysis module detects at least one known set of instructions in a portion read from the file, and inserts a break point into a position in the generated image of the file corresponding to a start of the detected set of instructions. An emulation module emulates execution of the file by emulating execution of instructions from the generated image of the file and adding corresponding records to an emulation log associated with the emulated execution of the at least one known set of instructions.

Abstract: Disclosed are systems and methods for training and retraining a model for detection of malicious activity from container files, which contain at least two or more objects constituting logically separate data regions. Parameters of each object chosen from at least one safe container and one malicious container are determined which uniquely characterize the functional relation of the mentioned object to at least one selected object. Convolutions are formed separately for each container on the basis of the determined parameters of the objects, which are used to train a machine learning model for detecting malicious container files.

Abstract: Disclosed are systems and methods for detection of malicious intermediate language files. In one exemplary aspect, the system comprises a database comprising hashes of known malicious files, a resource allocation module configured to select a set of resources from a file being analyzed, a hash calculation module, coupled to the resource allocation module, configured to calculate a perceptive hash of the set of resources; and an analysis module, coupled to the other modules, configured to identify a degree of similarly between the set of resources and a set of resources from known malicious files by comparing the perceptive hash with perceptive hashes of the set of resources from known malicious files, determine a harmfulness of the file being analyzed based on the degree of similarity and remove or quarantine the file being analyzed when the harmfulness exceeds a predetermined threshold.

Abstract: Disclosed are systems and methods for emulating execution of a file. An image of a file is formed, which is comprised of instructions read from the file. An analysis module detects at least one known set of instructions in a portion read from the file, and inserts a break point into a position in the generated image of the file corresponding to a start of the detected set of instructions. An emulation module emulates execution of the file by emulating execution of instructions from the generated image of the file and adding corresponding records to an emulation log associated with the emulated execution of the at least one known set of instructions.

Abstract: A system and method is provided for determining whether an electronic file is malicious. An exemplary method includes extracting resources from an electronic file; forming a first rule that establishes a functional dependency between the extracted resources; identifying, in a database of malicious file resources, a second rule associated with one or more of the extracted resources; comparing the formed first rule with the identified second rule to calculate a degree of similarity between first and second rules; and determining the electronic file to be a malicious file when the calculated degree of similarity exceeds a predetermined threshold value.

Abstract: A system for real-time interactive presentation, the system communicatively coupled to a network for access by a plurality of user devices comprising a database to store information relating to a plurality of presentations, at least one processor executing instructions stored in non-transitory memory that cause the processor to: receive a presentation in a first format from a presenter user device, convert the presentation to an HTML5 format, embed at least one HMTL5 interactive object into the converted presentation, store the converted presentation including the at least one HTML5 interactive embedded object in the database, upon a request received from a first user device for the converted presentation, transmit the converted presentation including the at least one HTML5 interactive embedded object to the first user device, wherein the presentation including the at least one HTML5 interactive embedded object is rendered for viewing on a display of the first user device, and receive and store first user inp

Abstract: A method of multicast data transmission from a web server to client terminal devices using a wireless local area network (WLAN) includes, before transmitting data from the web server, data preprocessing including data object type identification, forming of one or several logical channels in the overall bandwidth of a WLAN for each data object type, fragmentation of data objects into multiple data packets, and marking of each data packet with a header which contains at least transmission parameters. Data packets with headers are transmitted within the logical channels by data type, in a cyclic retranslation mode or by duplicating data packets and transmitting copies with delay.