Executable Analysis (PE)
Executable analysis is a crucial aspect of cybersecurity software, involving the in-depth examination of executable files to uncover concealed malicious code and extract relevant TTPs.
We approach Portable Executable (PE) file analysis from various angles, employing deep structure analysis, adaptive threat analysis, and up-to-date threat intelligence. This comprehensive approach ensures robust protection against modern cyber threats, providing peace of mind in today’s digital landscape. Key features include:
- Generic and specific packer unpacking,
- Intelligent full binary disassembly,
- Certificate analysis & validation,
- Detection of the compiler, linker, and packer used,
- 150+ dedicated threat indicators,
- Widespread usage of MITRE TTPs,
- Malware configuration extraction.
Our three main feature categories are detailed in the tables below:
At the following link you can find a sample showcasing most of the features shown below:
| Feature | Description | |
|---|---|---|
| Unpacking | Malware is often packed to make it more difficult to analyze. The unpacking feature uses a variety of techniques to unpack malware, including targeted unpackers and generic solutions. Targeted unpackers are designed to unpack specific types of malware, while generic solutions can unpack a wider range of malware. | Learn more |
| Malware configuration extraction | The malware configuration extraction feature extracts the configuration of malware files. This information can include the malware's command and control server, its target systems, and its payload. The configuration information can be used to understand how the malware works and how it can be neutralized. | Learn more |
| Automated tagging | The automated tagging feature automatically tags malware files using signatures, behavior patterns, and similarity search. Signatures are patterns of bytes that are unique to a particular malware family. Behavior patterns are the actions that a malware file performs. Similarity search is used to find malware files that are similar to each other. The tagged information can be used to classify malware and identify new threats. | |
See the "Technical Datasheet" for a complete list of features: https://docs.opswat.com/filescan/datasheet/technical-datasheet
