TitaniumCore™
Overview
TitaniumCore™ (TiCore™) is the world's fastest and most comprehensive software platform for automated static decomposition and analysis of binary files. Malware analysis becomes significantly faster and more productive through automation of the tedious and time-consuming tasks of unpacking binaries and extracting their internal data. TitaniumCore provides a powerful solution for lab operations of any scale from a few samples to millions of samples daily.
The TiCore engine automatically unpacks the contents of a sample and extracts all available information from each contained object. The unpacking process handles all variants of over 100 packer, archive, encryption, compression and installation format families. (see list) Once unpacked, TiCore extracts all available metadata from the files including strings, section information, resources, installation scripts, certificate chains and more. A detailed XML report is produced which can then be consumed by backend systems and databases for further processing and analysis. Decomposition of a typical binary file takes 15-150 milliseconds.
The TitaniumCore automated static decomposition engine removes all packing, obfuscation and protection artifacts from binary files to extract all internal objects and their metadata. The metadata provides critical information, often not available from other tools, for determining the intent and capabilities of the sample. The unpacked objects are fully repaired and available for further analysis using debuggers, decompilers or sandboxes.
Automated static decomposition can benefit labs large or small. The GUI supports ad hoc analysis on selected samples. The SDK enables integration with automated workflows or OEM platforms and extension of file processing procedures. The platform produces detailed XML reports for consumption by back end systems and databases for further analysis.
Features
- Recursively unpacks binary objects and extracts their internal metadata
- Performs automated static decomposition for 100+ families of installers, packers and compressors
- Processes binaries for Windows, Linux, Mac OS, iOS, Android, documents, firmware and more
- Repairs damaged binary packages to enable analysis in debuggers, decompilers, sandboxes and other tools.
- Extracts all metadata from each object, exposing data not available through dynamic analysis tools
- Detects and extracts hidden content and objects
- Provides an API for extending package formats and integrating with automated workflows or OEM products
- Implements a multi-threaded architecture that takes full advantage of underlying hardware
- Hyper-performance achieved by analyzing files in 15-150ms
Extracted Metadata
- File validation and repair data
- Format and file information
- Embedded domains, IP Addresses, IRC handles, spam dictionaries and URLs
- Full certificate data chain - Authenticode, Java Certificates, Mozilla Certs, Apple/Android/Symbian
- PE/ELF/Mach-O/DEX/SWF/PDF imports, exports, resources Section names, sizes and hashes
- Relative and full install paths
- Registry entries, file type, architecture, language,
- icons, compile dates
- Required scripting engines or operating systems Embedded strings for packed and unpacked files
Packaging
TitaniumCore Editions
| TiCore Online | TiCore Analyst | TiCore Lab | |
|---|---|---|---|
| Automatic Static Decomposition | √ | √ | √ |
| 100+ Package Format Families | √ | √ | √ |
| Cloud Hosted | √ | ||
| User Interface | Browser | Desktop Application | Browser, CLI |
| REST Web Services | √ | ||
| Integrated Database | √ | ||
| SDK | Optional | √ | |
| License | Per user | Per user | Per server |
| Max. Daily Samples | 1000 | 500 | 100,000 |
| Host Requirements | n/a | Windows XP, Windows 7, Linux |
Windows XP, Windows 7, Linux |
