Render URLs and Detect Phishing Sites | | | | | |
Extract and Decode Nearly All Malicious VBA Macros | | | | | |
Analyze VBA Stomped Files Targeted for Any System | | | | | |
Shellcode Emulation (x86, 32/64) | | | | | |
Export MISP (JSON) and STIX Report Formats | | | | | |
Extract and Analyze Embedded PE Files | | | | | |
Deobfuscate JavaScript/VBS | | | Limited | | |
Deobfuscate PowerShell Scripts | | | Limited | | |
Deobfuscate MSHTA Scripts | | | | | |
Parse MTEF Embed Equation Exploit Structure | | | | | |
Parse Malformed RTF Files | | | | | |
Parse Office Binary File Formats (BIFF5/BIFF8) | | | | | |
Parse Strict OOXML File Format | | | | | |
Automatically Decode Embedded Base64 Strings | | | | | |
Extract Annotated Disassembly | | | | | |
Decrypt Password Protected Office Documents | | | | | |
Decompile Java | | | | | |
Decompile .NET | | | | | |
Calculate .NET GUIDs (Module Version/TypeLib Id) | | | | | |
Classify Imported APIs | | | | | |
MITRE ATT&CK Support (In-report and Search) | | | | | |
Render PDF Pages | | | | | |
Extract Embedded Files (e.g. OLE2 from Word) | | | | | |
Automatically Tag Samples Based on Signatures | | | | | |
YARA Support | | | | | |
Generate Text Metrics (Average Word Size, etc.) | | | | | |
Detect Cryptographic Constants | | | | | |
Text Analysis (Guessed Language) | | | | | |
Map UUIDs to Known Associated Files / Metadata | | | Limited | | |
Filter Strings and Detect Interesting Ones | | | | | |
Extract and Detect Overlay | | | | | |
Integrated Allowlist | | | | | |
Detect Alternative IOCs (Emails, Bitcoin Address, etc.) | | | | | |
Calculate Authentihash | | | | | |
Verify Authenticode Signatures | | | | | |
Parse RICH Header | | | Limited | | |
Calculate Entropy of Resources | | | | | |
Detect URLs, Domains and IP Addresses | | Limited | | | |
Calculate Hashes of Resources | | | | | |
Calculate Imphash | | | | | |
Calculate SSDEEP | | | | | |
Extract PDB Information | | | | | |
Detect TLS Callbacks | | | | | |
Resolve Known Import Ordinals to Names | | | | | |
Detect Anomalies (e.g. Header Checksum Validation) | | Limited | | | |
Query VirusTotal for Reputation Checks | | | | | |
Detect Packers (PEiD) | | | | | |
Detect File Types | | | | | |
Calculate Hashes of Sections | | | | | |
Calculate Entropy of Sections | | | | | |
Extract Strings from Executable | | | | | |
Extract/Detect Resources | | | | | |
Extract/Detect PKCS7 Certificate | | | | | |