Executable Analysis (PE)

Executable analysis is a crucial aspect of cybersecurity software, involving the in-depth examination of executable files to uncover concealed malicious code and extract relevant TTPs.

We approach Portable Executable (PE) file analysis from various angles, employing deep structure analysis, adaptive threat analysis, and up-to-date threat intelligence. This comprehensive approach ensures robust protection against modern cyber threats, providing peace of mind in today’s digital landscape. Key features include:

  • Generic and specific packer unpacking,
  • Intelligent full binary disassembly,
  • Certificate analysis & validation,
  • Detection of compiler, linker, packer used,
  • 150+ dedicated threat indicators,
  • Wide-spread usage of MITRE TTPs,
  • Malware configuration extraction.

Our three main feature categories are detailed in the tables below:

Adaptive Threat Analysis
Deep Structure Analysis
Threat Intelligence

On the following link you can find a sample showcasing most of the features shown below:

https://www.filescan.io/uploads/65097f0bf1b40cb0d61e8340/reports/77accaa9-5d0e-4f97-a4d7-2119c7121cf7/overview
FeatureDescription
UnpackingMalware is often packed to make it more difficult to analyze. The unpacking feature uses a variety of techniques to unpack malware, including targeted unpackers and generic solutions. Targeted unpackers are designed to unpack specific types of malware, while generic solutions can unpack a wider range of malware.Learn more
Malware configuration extractionThe malware configuration extraction feature extracts the configuration of malware files. This information can include the malware's command and control server, its target systems, and its payload. The configuration information can be used to understand how the malware works and how it can be neutralized.Learn more
Automated taggingThe automated tagging feature automatically tags malware files with signatures, behavior patterns, and similarity search. Signatures are patterns of bytes that are unique to a particular malware family. Behavior patterns are the actions that a malware file performs. Similarity search is used to find malware files that are similar to each other. The tagged information can be used to classify malware and identify new threats.
Type to search, ESC to discard
Type to search, ESC to discard
Type to search, ESC to discard
Type to search, ESC to discard
Type to search, ESC to discard
Type to search, ESC to discard
Next to read:
Supported malware families for config extraction

See the "Technical Datasheet" for a complete list of features: https://docs.opswat.com/filescan/datasheet/technical-datasheet

On This Page
Executable Analysis (PE)