The malware analysis module exploits code reuse, which is very common in malware, to detect and analyze new, unknown variants. It first uses DeepDi to quickly generate the disassembly code of a malware variant, and then find similar functions to detect and identify its malware family by comparing it to other samples in our database. Our system can show where each function in a user-submitted malware sample occurs in all other malware samples in our dataset, and compare their disassembled code in .
Users can upload new malware samples or search existing malware sample by its SHA256 value.
The system will count weekly, monthly, and overall distribution of various malware families.
Information about the 50 most recently discovered malware samples.
The system will list all the functions in the submitted sample and show the number of times they appear in different malware families. Functions can be sorted by relevance or address.
After clicking the address of the function, the system will display the disassembly code of this function, and all other samples containing similar functions
After clicking the SHA256 value of the sample with similar function, the comparison between the disassembly code between these two similar functions will be displayed.
Updated 10 days ago