File analysis

What is File Analysis?
When faced with an unknown binary artifact, many researchers and security organizations perform a series of routine, repetitive steps to determine what they are dealing with and how to respond. ReversingLabs' File Analysis technology streamlines these tasks, increasing productivity, and allowing researchers to focus their investigations on the more difficult analysis tasks.

ISPs and financial institutions are particularly affected by a high volume of custom-made malware that is frequently not detected by the traditional anti-malware products on the market. They must rely on their own efforts to pre-screen suspicious content and perform their own file analysis using a standard set of reversing and sandboxing tools. ReversingLabs' file analysis tools allow these organizations to accelerate their investigative potential.

ReversingLabs' File Analysis technology accelerates the following:

Anti-Malware Analysis
By integrating our tools with IDA-Pro and OllyDBG, you can save significant time analyzing unknown samples. Most security organizations keep thousands of proprietary scripts, but before those scripts can come into play, you must repeat the same sets of steps over and over again. ReversingLabs' tools free your analysts to do actual sample behavior analysis.

Botnet Research
Many server-side polymorphic engines utilize multiple packing, protection and obfuscation parameters and packages to flood networks and the responder community with massive amounts of cryptographically unique samples. By performing deep file inspection and stripping file format compression and protection artifacts, our tools provide better correlation information for unknown file samples.

Malware forensics
By peeling off many of the automated protection tools, ReversingLabs eases your forensic research. Our software is an essential addition to your automated analysis toolbox. It accelerates the process of eliminating the "noise," making it easier to determine the malicious behavior of the underlying sample.

Automating File Analysis
Key Aspects of Automated File Analysis:

(A) Identify a fragment
Binary information identification begins with identifying the sample. Is it a fragment or is it a complete segment? Is it destined for the executable memory of a number of different processing technologies, or destined to be shipped as a file? Executable and non-executable static segments can include compression, encryption, obfuscation and a host of other protections intended to mask identification. Digging through these elements is the ideal task for a good automation tool.

(B) Create modules to unveil the component
Our TitanEngine open source platform is designed to accelerate the development of analysis and decomposition modules. Use it to break down the structure of the component via archive, format, compression and protection decomposition.

(C) Extract relevant meta information
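
As an added illustration of steps (A) and (C), not ReversingLabs' or TitanEngine's code: a Python triage routine that identifies a blob by its magic bytes, walks a PE section table to decide whether the buffer is a complete file or a fragment (a section whose raw data extends past the end of the buffer), and flags packing or encryption by per-section entropy while pulling basic metadata. The `build_pe` helper constructs a minimal, non-functional PE image so the example runs offline; its field layout and the 7.0-bit entropy threshold are assumptions of this example.

```python
import math
import struct
MAGIC = {b"MZ": "pe", b"\x7fELF": "elf", b"PK\x03\x04": "zip", b"\x1f\x8b": "gzip"}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: ~8.0 means compressed or encrypted; plain machine code is usually 5-6.5."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in (data.count(i) for i in range(256)) if c) if n else 0.0

def triage(sample: bytes) -> dict:
    """Step (A): identify the blob and decide fragment vs complete; step (C): pull PE meta."""
    kind = next((k for m, k in MAGIC.items() if sample.startswith(m)), "unknown")
    out = {"type": kind, "complete": False, "flags": [], "meta": {}}
    if kind != "pe":
        return out  # archives etc. go to a decomposition module (step B) instead
    try:
        e_lfanew = struct.unpack_from("<I", sample, 0x3C)[0]
        if sample[e_lfanew:e_lfanew + 4] != b"PE\0\0":
            raise ValueError("no PE signature at e_lfanew")
        machine, nsect = struct.unpack_from("<HH", sample, e_lfanew + 4)
        sect_off = e_lfanew + 24 + struct.unpack_from("<H", sample, e_lfanew + 20)[0]
        out["meta"] = {"machine": hex(machine), "sections": []}
        for i in range(nsect):
            hdr = sample[sect_off + 40 * i:sect_off + 40 * (i + 1)]
            if len(hdr) < 40:
                raise ValueError("section table cut off")
            name = hdr[:8].rstrip(b"\0").decode("ascii", "replace")
            raw_size, raw_ptr = struct.unpack_from("<II", hdr, 16)  # SizeOfRawData, PointerToRawData
            body = sample[raw_ptr:raw_ptr + raw_size]
            if len(body) < raw_size:  # section points past the buffer: we hold a fragment
                out["flags"].append(f"{name}: raw data runs past end of buffer")
            ent = shannon_entropy(body)
            if ent > 7.0:  # high entropy is the usual hint for packing or encryption (assumed threshold)
                out["flags"].append(f"{name}: entropy {ent:.2f}, likely packed/encrypted")
            out["meta"]["sections"].append((name, raw_size, round(ent, 2)))
        out["complete"] = not any("past end" in f for f in out["flags"])
    except (struct.error, ValueError) as exc:  # the headers themselves are cut off
        out["flags"].append(f"fragment: {exc}")
    return out

def build_pe(sections) -> bytes:
    """Constructed minimal PE for testing only (DOS stub, COFF header, no optional header)."""
    ptr = 0x40 + 24 + 40 * len(sections)  # first section's raw data follows the headers
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0)
    table = b""
    for name, body in sections:
        table += name.ljust(8, b"\0") + struct.pack("<IIII", len(body), 0x1000, len(body), ptr) + b"\0" * 16
        ptr += len(body)
    return dos + coff + table + b"".join(body for _, body in sections)
```

Running `triage(build_pe(...)[:400])` on a truncated image reports the sections whose raw data lies beyond the buffer, which is the fragment-versus-complete decision step (A) asks for.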

Integration Points
Furthermore, any automation accessory has to be recursive, keep a detailed report of its activities, and integrate into at least one of the following:

1) Plug-in to IDA-Pro
2) Plug-in to OllyDBG
3) Via command line and SDK into backend automation processes

Contact us for our latest product roadmap and the currently supported list of features. Also, feel free to evaluate our open source project "TitanEngine".