1. Field of the Invention
The present invention relates generally to computer security, and more particularly but not exclusively to methods and systems for detecting stalling code.
2. Description of the Background Art
Malware may be detected using so-called dynamic analysis, which involves running the malware and monitoring its behavior. The dynamic analysis is typically performed in a sandbox, such as a suitably-configured virtual machine. One problem with dynamic analysis is that it is typically performed on a single execution path, making the analysis vulnerable to evasion techniques, such as stalling code. Stalling code executes a relatively long loop that is designed to induce dynamic analysis platforms to time out. This prevents malware with stalling code from being evaluated properly in a sandbox or on other dynamic analysis platforms.