<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=1076912843267184&amp;ev=PageView&amp;noscript=1">

Complex Binary Analysis

RL’s AI-driven, complex binary analysis engine automates and accelerates threat detection and analysis of files. This proprietary technology performs high-speed, static analysis to recursively unpack files and objects to their base elements, extract all internal indicators, classify threat level, and assign a verified threat verdict. Files are not executed so processing can be accomplished in milliseconds, obtaining faster results and broader coverage for file type and large complex file sizes than is possible with dynamic solutions.

Manual Static Analysis

  • Hours / file
  • Tool intensive – disassemblers
  • Advanced expertise required
  • Time wasted on repetitive file unpacking and indicator extraction tasks

RL Complex Binary Analysis

  • Milliseconds / file
  • High-volume file processing
  • Full deconstruction of large complex files and objects
  • Deep inspection without execution
  • 4800+ file types identified
  • Comprehensive indicator extraction
  • Windows, Linux, MacOS, IOS, and Android platform support
  • AI-driven, multi-factor threat classification
  • Decisive threat verdicts
  • Highly scalable

Dynamic Analysis

  • Minutes / file
  • Easy evasion by malware
  • Incomplete view of capabilities
  • Limited file types
  • Size constraints
  • Time-consuming and cost-prohibitive as file volume increases

Here's how it works

RL’s complex binary analysis combines an array of automated analysis technologies, including a proprietary analysis engine for a ground-breaking solution to detect and analyze threats embedded at the deepest levels within files. This new innovative approach starts with the industry's fastest and most advanced automated static file decomposition engine to identify, de-archive, de-obfuscate and unpack the underlying object structure (e.g. embedded executables, libraries, documents, resources, icons), extract all internal indicators from the unpacked files, and apply AI-driven, multi-factor classification rules to deliver a decisive threat verdict.

AFD Schema

Unlike dynamic analysis, RL’s unique binary analysis does not execute the file, but rather extracts all available compressed and obfuscated data from files and fragments whether executable or not, and whether damaged or not. Since the files are not executed, the process can identify and deconstruct files of any type in milliseconds, regardless of their target OS or platform. It also means very large file sizes can be analyzed without performance implications.

RL’s binary analysis technology thus overcomes the shortcomings of dynamic analysis, including not being subject to malware evasion techniques inherent to sandboxes. The result is in-depth file analysis with the broadest file coverage and the fastest processing speeds, making it the ideal solution for analyzing the ever-growing volume of large complex files entering and traversing today’s enterprise networks, cloud storage systems, and email platforms.

RL’s analysis also includes YARA matching on each extracted file, which is another benefit, as other solutions perform YARA matching on the original file only, not on its parts.

RL’s complex binary analysis technology performs the following steps to extract the maximum amount of data and indicators:

— File identification (4800+ file types) including Machine Learning file identification module

— Recursive file decomposition (unpacking / de-obfuscating)

— Comprehensive metadata extraction (20,000+ file behavior indicators)

— ReversingLabs Hashing Algorithm (similarity algorithm)

— YARA matching on all extracted files and objects

— File and network reputation check for each extracted file

— AI-driven, multi-factor threat classification and final verdict

Learn more about RL’s Complex Binary Analysis.