Title
Create new category
Edit page index title
Edit category
Edit link
Executable Analysis (PE)
Executable analysis is a fundamental aspect of cybersecurity software, involving the in-depth examination of executable files to uncover concealed malicious code and extract relevant TTPs.
We tackle Portable Executable (PE) file analysis from various angles. We employ deep structure analysis, adaptive threat analysis, and incorporate up-to-date threat intelligence. This comprehensive approach ensures top-notch protection against modern cyber threats, giving our clients peace of mind in today's digital landscape. Some of the most useful features are:
- Both generic and specific packer unpacking
- Intelligent full binary disassembly
- Certificate analysis & validation
- Detect compiler, linker, packer used
- 150+ dedicated threat indicators
- Wide-spread usage of MITRE TTPs
- Extract malware configs
You can find our three main categories of features in the tables below:
On the following link you can find a sample showcasing most of the features shown below:
| Feature | Description | |
|---|---|---|
| Unpacking | Malware is often packed to make it more difficult to analyze. The unpacking feature uses a variety of techniques to unpack malware, including targeted unpackers and generic solutions. Targeted unpackers are designed to unpack specific types of malware, while generic solutions can unpack a wider range of malware. | Learn more |
| Malware configuration extraction | The malware configuration extraction feature extracts the configuration of malware files. This information can include the malware's command and control server, its target systems, and its payload. The configuration information can be used to understand how the malware works and how it can be neutralized. | Learn more |
| Automated tagging | The automated tagging feature automatically tags malware files with signatures, behavior patterns, and similarity search. Signatures are patterns of bytes that are unique to a particular malware family. Behavior patterns are the actions that a malware file performs. Similarity search is used to find malware files that are similar to each other. The tagged information can be used to classify malware and identify new threats. |
See the "Technical Datasheet" for a complete list of features: https://docs.opswat.com/filescan/datasheet/technical-datasheet
