Executable Analysis (PE)

Executable analysis is a fundamental aspect of cybersecurity software, involving the in-depth examination of executable files to uncover concealed malicious code and extract relevant TTPs.

We tackle Portable Executable (PE) file analysis from various angles. We employ deep structure analysis, adaptive threat analysis, and incorporate up-to-date threat intelligence. This comprehensive approach ensures top-notch protection against modern cyber threats, giving our clients peace of mind in today's digital landscape. Some of the most useful features are:

  • Both generic and targeted packer unpacking
  • Intelligent full-binary disassembly
  • Certificate analysis and validation
  • Detection of the compiler, linker and packer used
  • 150+ dedicated threat indicators
  • Widespread use of MITRE TTPs
  • Malware configuration extraction

You can find our three main categories of features in the tables below:

Adaptive Threat Analysis
Deep Structure Analysis
Threat Intelligence

At the following link you can find a sample report showcasing most of the features listed below:

https://www.filescan.io/uploads/65097f0bf1b40cb0d61e8340/reports/77accaa9-5d0e-4f97-a4d7-2119c7121cf7/overview

Feature: Unpacking
Description: Malware is often packed to make it more difficult to analyze. The unpacking feature uses a variety of techniques to unpack malware, including targeted unpackers and generic solutions. Targeted unpackers are designed to unpack specific types of malware, while generic solutions can unpack a wider range of malware.

Feature: Malware configuration extraction
Description: The malware configuration extraction feature extracts the configuration embedded in malware files. This information can include the malware's command and control server, its target systems, and its payload. The configuration can be used to understand how the malware works and how it can be neutralized.

Feature: Automated tagging
Description: The automated tagging feature automatically tags malware files based on signatures, behavior patterns, and similarity search. Signatures are byte patterns that are unique to a particular malware family. Behavior patterns are the actions that a malware file performs. Similarity search is used to find malware files that resemble each other. The tagged information can be used to classify malware and identify new threats.