VxClass. Automated executable classification
 Ero Carrera (ero) <ero carrera gmailcom> |
Monday, June 11 2007 20:02.00 CDT |
Here at Sabre Security, we have been putting together a variety of technologies nurtured and developed over years of reverse engineering and malware analysis. All of it has taken form in VxClass, which is finally shaping up. We are quite proud and happy to see such a complex project (and one Ive personally long dreamed about) actually working.
The first incarnation of VxClass is already able to automatically handle (unpack, analyze and classify) a wide range of Windows malware. The results are nearly addictive to look at. Accompanying this post are some screen-shots of the Web interface showing a listing of files and the automatically generated cluster of families.
VxClass will allow analysts or other tools to communicate with it and submit executable files. Those will be unpacked, analyzed and classified automatically according to their structural properties. The classification results as well as analysis databases can be retrieved through either an XMLRPC or a Web interface.
If you or your company would be interested on evaluating it or discussing if it might be an applicable technology for you, dont hesitate in dropping us a mail.
Also, Im in the Bay Area for most of June and August (also in Black Hat in Las Vegas). So if you want to have me demo it or chat about it, drop me a line.
Comments
| Posted: Wednesday, December 31 1969 18:00.00 CST | |