Unique Automated Static Analysis fully dissects the internal contents of files without execution to detect attacks, determine threat level and expose vital information for remediation
Empowers SOC/CIRTs and enriches threat intelligence for many security solutions by exposing the multi-layered obfuscation used to mask true payload and intent, accelerating triage
YARA-based rules matched on all decompressed content; custom rules and 3rd party modules supported
Scales elastically to process the most-demanding workloads across Linux and Windows platforms
TitaniumCore implements highly scalable automated static analysis to recursively unpack, extract internal indicators and calculate threat levels of files to support real-time and/or high-volume applications. With static analysis, files are not executed so that detailed analysis may be performed in milliseconds on an extensive list of file types. TitaniumCore consists of software and an SDK for integration into advanced automated workflows, products or services.
High-Speed Analysis for a New Generation of Advanced Threats
TitaniumCore performs advanced file analysis at millisecond speeds with a powerful engine for applications of any scale, from a few samples to millions of samples daily. The rules engine calculates threat level based on rules provided by ReversingLabs and YARA rules supplied by the customer. Based on threat level and type, extracted files can automatically be routed to additional analysis tools (e.g., decompilers, debuggers, sandboxes) or to an analyst for further analysis, making the most efficient use of security assets. No other product (e.g., sandboxes or scanners) exposes the breadth and depth of threat indicators extracted by TitaniumCore.
TitaniumCore Version Options
ReversingLabs enterprise-scale analysis solutions perform pre-execution, near real-time deep inspection of the high volumes of files encountered in large organizations.
TitaniumCore provides the software engine that processes files using ReversingLabs' unique File Decomposition technology. TitaniumCore implements high-performance automated static analysis to recursively unpack, extract internal indicators and calculate the threat level of files to support real-time and/or high-volume applications.
TitaniumCore Enterprise extends the TitaniumCore base solution to cover advanced analysis applications by adding the ReversingLabs Hashing Algorithm (RHA) to calculate functional similarity to known malware, and TitaniumCloud File Reputation integration to identify known goodware and malware against a database of over 6B goodware and malware files.
TitaniumCore Engine Automated Static Analysis
- Unique Automated Static Analysis fully dissects internal contents of files without execution
- Every sample processed to extract all objects and uncover threat indicators
- 3500 file formats identified from PE/Windows, ELF/Linux, Mac OS, iOS, Android, firmware, Flash and documents
- Over 350 families unpacked and analyzed including archives, installers, packers & compressors
Results and Reports
- The platform produces detailed XML and/or JSON reports for consumption by backend systems and databases for further analysis.
- YARA-based rules matched on all decompressed content
- 3rd party modules supported
- Linux and Windows 64-bit platforms
- Multi-threaded architecture fully utilizes underlying host processing to maximize file processing capacity
- CLI and API (C, C++, Python, .NET) for integrating with automated workflows or OEM products
TitaniumCore allows the user to define which types of metadata will be collected. The metadata provides critical information, often not available from other tools, for determining the intent and capabilities of the sample.
- Strings: all strings present in any supported file format, e.g. strings from executable file formats such as PE or ELF.
- Certificates: all digital certificates that are recognized by the engine. Certificates include Java, Authenticode, iOS™, Android™ and Windows Phone™ certificates.
- Application: application file types include PE, ELF, Mach-O, DEX, and Flash. Metadata that is extracted commonly covers class, function, and variable names with relevant data about file segments and resources.
- Mobile: mobile applications and mobile application packages. Supported mobile platforms include iOS™, Android™, and Windows Phone™.
- Document: document types such as PDF, RTF, CHM, and Microsoft Office.
- Behavior: static data about application behavior. Data presented within this metadata object shows all possibilities that can occur during application execution.
- Protection: any kind of DRM or cryptographic content attached to any supported file type.
- Security: any kind of security-related information. The list of exploits will note any CVEs attached to a supported file type that are detected by the engine.
- Media: additional metadata present in multimedia formats. The most common example of such metadata would be EXIF information.
- Web: web applications such as browser plug-ins. Supported browsers include Mozilla Firefox™, Google Chrome™, Opera™, and Safari™.
|Product Features and Capability||TitaniumCore||TitaniumCore Enterprise|
|File Decomposition / Automated Static Analysis|
|350+ Format Families Unpacked/Analyzed|
|3500+ File Formats Identified|
|3000+ Threat Indicators Extracted Per File|
|Indicator Extraction User Selectable|
|Rules Engine Calculates Threat Profile|
|Custom YARA Rules for Classification|
|Third Party Modules Supported|
|Functional Similarity (RHA) to Known Malware|
|TitaniumCloud File Reputation Integration|
|SDK with API for File Submission and Results|