TitaniumCore

Malware Analysis Solution

World’s Fastest, Most Comprehensive Static Analysis for Threat Intelligence

Key Features

1. Unique Automated Static Analysis fully dissects internal contents of files without execution to detect attacks, determine threat level and expose vital information for remediation
2. Empowers SOC/CIRTs and enriches threat intelligence for many security solutions by exposing multi-layered obfuscation used to mask true payload and intent to accelerate triage
3. YARA-based rules matched on all decompressed content; custom rules and 3rd party modules supported
4. Scales elastically to process the most demanding workloads across Linux and Windows platforms

Overview

TitaniumCore implements highly-scalable automated static analysis to recursively unpack, extract internal indicators and calculate threat levels of files to support real-time and/or high-volume applications. With static analysis, files are not executed so that detailed analysis may be performed in milliseconds on an extensive list of file types. TitaniumCore consists of software and an SDK for integration into advanced automated workflows, products or services.

TiCore product graph

High-Speed Analysis for a New Generation of Advanced Threats

TitaniumCore performs advanced file analysis at millisecond speeds with a powerful engine for applications of any scale from a few samples to millions of samples daily. The rules engine calculates threat level based on rules provided by ReversingLabs and YARA rules supplied by the customer. Extracted files can automatically be routed to additional analysis tools (e.g., decompilers, debuggers, sandboxes) or an analyst for further analysis based on threat level and type to make the most efficient use of security assets. No other product (e.g., sandboxes or scanners) exposes the breadth and depth of threat indicators extracted by TitaniumCore.

TitaniumCore Version Options

ReversingLabs enterprise-scale analysis solutions perform pre-execution, near real-time deep inspection of the high volumes of files encountered in large organizations.

TitaniumCore provides the software engine that processes files using ReversingLabs' unique File Decomposition technology. TitaniumCore implements high-performance automated static analysis to recursively unpack, extract internal indicators and calculate the threat level of files to support real-time and/or high-volume applications.

TitaniumCore Enterprise extends the TitaniumCore base solution to cover advanced analysis applications by adding ReversingLabs Hashing Algorithm (RHA) to calculate functional similarity to known malware and TitaniumCloud File Reputation integration to identify known goodware and malware against a database of over 8 billion goodware and malware files.

Features

TitaniumCore Engine Automated Static Analysis

  • Unique Automated Static Analysis fully dissects internal contents of files without execution
  • Every sample processed to extract all objects and uncover threat indicators
  • 3600 file formats identified from PE/Windows, ELF/Linux, Mac OS, iOS, Android, firmware, FLASH and documents
  • Over 360 file formats unpacked and analyzed including archives, installers, packers & compressors

Results and Reports

  • The platform produces detailed XML and/or JSON reports for consumption by backend systems and databases for further analysis.

Detection Customization

  • YARA-based rules matched on all decompressed content
  • 3rd party modules supported

Integration Requirements

  • Linux and Windows 64-bit platforms
  • Multi-threaded architecture fully utilizes underlying host processing to maximize file processing capacity
  • CLI and API (C, C++, Python, .NET) for integrating with automated workflows or OEM products

File Metadata Collected

TitaniumCore allows the user to define which types of metadata will be collected. The metadata provides critical information, often not available from other tools, for determining the intent and capabilities of the sample.

  • Strings: all strings present in any supported file format, e.g. strings from executable file formats such as PE or ELF.
  • Certificates: all digital certificates that are recognized by the engine. Certificates include Java, Authenticode, iOS™, Android™ and Windows Phone™ certificates.
  • Application: application file types include PE, ELF, Mach-O, DEX, and Flash. Metadata that is extracted commonly covers class, function, and variable names with relevant data about file segments and resources.
  • Mobile: mobile applications and mobile application packages. Supported mobile platforms include iOS™, Android™, and Windows Phone™.
  • Document: document types such as PDF, RTF, CHM, and Microsoft Office.
  • Behavior: static data about application behavior. Data presented within this metadata object shows all possibilities that can occur during application execution.
  • Protection: any kind of DRM or cryptographic content attached to any supported file type.
  • Security: any kind of security-related information. The list of exploits will note any CVEs attached to a supported file type that are detected by the engine.
  • Media: additional metadata present in multimedia formats. The most common example of such metadata would be EXIF information.
  • Web: web applications such as browser plug-ins. Supported browsers include Mozilla Firefox™, Google Chrome™, Opera™, and Safari™.

TitaniumCore Editions

| Product Features and Capability | TitaniumCore | TitaniumCore Enterprise |
|---|---|---|
| File Decomposition / Automated Static Analysis | Yes | Yes |
| 360+ Format Families Unpacked/Analyzed | Yes | Yes |
| 3600+ File Formats Identified | Yes | Yes |
| 3000+ Threat Indicators Extracted Per File | Yes | Yes |
| Indicator Extraction User Selectable | Yes | Yes |
| Rules Engine Calculates Threat Profile | Yes | Yes |
| Custom YARA Rules for Classification | Yes | Yes |
| Third Party Modules Supported | Yes | Yes |
| Functional Similarity (RHA) to Known Malware | No | Yes |
| TitaniumCloud File Reputation Integration | No | Yes |
| SDK with API for File Submission and Results | Yes | Yes |