Abstract: Provided is a method for preparing isavuconazonium sulfate. Specifically, the preparation method involved comprises: reacting a compound of formula V in the presence of a provided compound having a bisulfate ion so as to obtain isavuconazonium sulfate as shown in formula VI. The preparation method has the advantages of stable intermediate, easy separation and purification, simple operation, high reaction yield, and easy industrial production.

Abstract: A harmless low-consumption on-orbit continuous launch system includes a satellite platform, a launch apparatus and a plurality of CubeSats. The satellite platform carries the launch apparatus and dozens or hundreds of CubeSats, and is launched from a ground into an orbit for on-orbit operation. The launch apparatus is configured to store the plurality of CubeSats and provide power for on-orbit launching of each of the CubeSats. A solid working medium in the launch apparatus is activated by heating to undergo a phase change, and the activated solid working medium expands instantly and is converted into a high-pressure gaseous working medium. The high-pressure gaseous working medium does work to eject the CubeSats, such that the CubeSats obtain a speed increment. The CubeSats enter a transfer orbit towards different target spacecraft through the speed increment applied by the launch apparatus to perform a plurality of different on-orbit serving missions.

Abstract: A harmless low-consumption on-orbit continuous launch system includes a satellite platform, a launch apparatus and a plurality of CubeSats. The satellite platform carries the launch apparatus and dozens or hundreds of CubeSats, and is launched from a ground into an orbit for on-orbit operation. The launch apparatus is configured to store the plurality of CubeSats and provide power for on-orbit launching of each of the CubeSats. A solid working medium in the launch apparatus is activated by heating to undergo a phase change, and the activated solid working medium expands instantly and is converted into a high-pressure gaseous working medium. The high-pressure gaseous working medium does work to eject the CubeSats, such that the CubeSats obtain a speed increment. The CubeSats enter a transfer orbit towards different target spacecraft through the speed increment applied by the launch apparatus to perform a plurality of different on-orbit serving missions.

Abstract: Malware signature generation through combination rule mining is disclosed. A set of properties associated, collectively, with a plurality of data samples is received. A first data sample has a first set of properties and a second data sample has a second set of properties. A combination signature comprising at least a first property included in the first set of properties and a second property included in the second set of properties is generated.

Abstract: Execution of an application in an application-level sandbox is disclosed. A request to launch an application is received by an operating system executing on a device. A determination is made that a stored copy of the application should be executed within an application-level sandbox. The stored copy of the application is executed in the application-level sandbox.

Abstract: To leverage the higher detection rate of a supplemental model and manage the higher false positive rate of that model, an activation range is tuned for the candidate model to operate in conjunction with an incumbent model. The activation range is a range of output values for the incumbent model that activates the supplemental model. Inputs having benign output values from the incumbent model that are within the activation range are fed into the supplemental model. Thus, the lower threshold of the activation range corresponds to the malware detection threshold of the incumbent model and the upper threshold determines how many benign classified outputs from the incumbent model activate the supplemental model. This conjoining of models with a tuned activation range manages overall false positive rate of the conjoined detection models while the malware detection rate increases over the incumbent detection model alone.

Abstract: Execution of an application in an application-level sandbox is disclosed. A request to launch an application is received by an operating system executing on a device. A determination is made that a stored copy of the application should be executed within an application-level sandbox. The stored copy of the application is executed in the application-level sandbox.

Abstract: The automatic generation of malware family signatures is disclosed. A set of metadata associated with a plurality of samples is received. The samples are clustered. For members of a first cluster, a set of similarities shared among at least a portion of the members of the first cluster is determined. The similarities are evaluated for suitability as a malware family signature. Suitability is evaluated based on how well the similarities uniquely identify the members of the first cluster. In the event the similarities are determined to be suitable as a malware family signature, a signature is generated.

Abstract: A virtualized storage for use in performing dynamic analysis on a sample is configured, at least in part by copying the sample to the virtualized storage. A virtual machine emulator is launched using a snapshot of a virtualized platform. The virtualized platform is previously configured to use the virtualized storage, and the snapshot is configured to use a placeholder file to occupy space for later use when installing the sample. A location of the copied sample in an image corresponding to the virtualized storage is determined. The copied sample is installed and dynamic analysis is performed on the sample.

Abstract: The automatic generation of malware family signatures is disclosed. A set of metadata associated with a plurality of samples is received. The samples are clustered. For members of a first cluster, a set of similarities shared among at least a portion of the members of the first cluster is determined. The similarities are evaluated for suitability as a malware family signature. Suitability is evaluated based on how well the similarities uniquely identify the members of the first cluster. In the event the similarities are determined to be suitable as a malware family signature, a signature is generated.

Abstract: A sample is analyzed to determine a set of events that should be selected for performing by a dynamic analyzer executing the sample in an instrumented, emulated environment. In some cases, analyzing the sample includes extracting the sample's user interface layout into a tree hierarchy of user interface elements. The set of selected events is performed. In some cases, at least one emulator detection resistance action is performed. A maliciousness verdict is determined for the sample based at least in part on one or more responses taken by the sample in response to the set of selected events being performed by the dynamic analyzer.

Abstract: A virtualized storage for use in performing dynamic analysis of a sample is configured, at least in part by copying the sample to the virtualized storage. A virtual machine emulator is launched using a snapshot of a virtualized platform. A location of the copied sample in an image corresponding to the virtualized storage is determined, at least in part by identifying an offset. The copied sample is installed and dynamic analysis is performed on the sample.

Abstract: A virtualized storage for use in performing dynamic analysis of a sample is configured, at least in part by copying the sample to the virtualized storage. A virtual machine emulator is launched using a snapshot of a virtualized platform. A location of the copied sample in an image corresponding to the virtualized storage is determined, at least in part by identifying an offset. The copied sample is installed and dynamic analysis is performed on the sample.

Abstract: A sample is analyzed to determine a set of events that should be selected for performing by a dynamic analyzer executing the sample in an instrumented, emulated environment. The set of selected events is performed. A maliciousness verdict is determined for the sample based at least in part on one or more responses taken by the sample in response to the set of selected events being performed by the dynamic analyzer.

Abstract: Execution of an application in an application-level sandbox is disclosed. A request to launch an application is received by an operating system executing on a device. A determination is made that a stored copy of the application should be executed within an application-level sandbox. The stored copy of the application is executed in the application-level sandbox.

Abstract: A virtualized storage for use in performing dynamic analysis of a sample is configured, at least in part by copying the sample to the virtualized storage. A virtual machine emulator is launched using a snapshot of a virtualized platform. A location of the copied sample in an image corresponding to the virtualized storage is determined, at least in part by identifying an offset. The copied sample is installed and dynamic analysis is performed on the sample.

Abstract: A sample is analyzed to determine a set of events that should be selected for performing by a dynamic analyzer executing the sample in an instrumented, emulated environment. The set of selected events is performed. A maliciousness verdict is determined for the sample based at least in part on one or more responses taken by the sample in response to the set of selected events being performed by the dynamic analyzer.

Abstract: The automatic generation of malware family signatures is disclosed. A set of metadata associated with a plurality of samples is received. The samples are clustered. For members of a first cluster, a set of similarities shared among at least a portion of the members of the first cluster is determined. The similarities are evaluated for suitability as a malware family signature. Suitability is evaluated based on how well the similarities uniquely identify the members of the first cluster. In the event the similarities are determined to be suitable as a malware family signature, a signature is generated.

Abstract: The automatic generation of malware family signatures is disclosed. A set of metadata associated with a plurality of samples is received. The samples are clustered. For members of a first cluster, a set of similarities shared among at least a portion of the members of the first cluster is determined. The similarities are evaluated for suitability as a malware family signature. In the event the similarities are determined to be suitable as a malware family signature, a signature is generated.

Abstract: An extended wireless access point may have many distributed radio units connected to associated processing units via a radio transmission network comprising commodity switches controlled by one or more network controllers. The one or more network controllers may use a load balancing algorithm to select a processing unit to process a signal received by a distributed radio unit. The radio units may receive a wireless signal, and generate compressed samples of the wireless signal for transport via the radio transmission network and processing by a selected processing unit. Similarly, a processing unit may generate and transmit via the radio transmission network compressed samples for decompression and transmission by a radio unit.