Here's how it works
RL’s complex binary analysis combines an array of automated analysis technologies, including a proprietary analysis engine, into a ground-breaking solution for detecting and analyzing threats embedded at the deepest levels within files. This innovative approach starts with the industry's fastest and most advanced automated static file decomposition engine, which identifies, de-archives, de-obfuscates and unpacks the underlying object structure (e.g. embedded executables, libraries, documents, resources, icons). It then extracts all internal indicators from the unpacked files and applies AI-driven, multi-factor classification rules to deliver a decisive threat verdict.
Unlike dynamic analysis, RL’s unique binary analysis does not execute the file, but rather extracts all available compressed and obfuscated data from files and fragments whether executable or not, and whether damaged or not. Since the files are not executed, the process can identify and deconstruct files of any type in milliseconds, regardless of their target OS or platform. It also means very large file sizes can be analyzed without performance implications.
RL’s binary analysis technology thus overcomes the shortcomings of dynamic analysis, including not being subject to malware evasion techniques inherent to sandboxes. The result is in-depth file analysis with the broadest file coverage and the fastest processing speeds, making it the ideal solution for analyzing the ever-growing volume of large complex files entering and traversing today’s enterprise networks, cloud storage systems, and email platforms.
RL’s analysis also runs YARA matching on each extracted file, a further benefit: other solutions perform YARA matching only on the original file, not on its parts.
RL’s complex binary analysis technology performs the following steps to extract the maximum amount of data and indicators:
— File identification (4800+ file types) including Machine Learning file identification module
— Recursive file decomposition (unpacking / de-obfuscating)
— Comprehensive metadata extraction (20,000+ file behavior indicators)
— ReversingLabs Hashing Algorithm (similarity algorithm)
— YARA matching on all extracted files and objects
— File and network reputation check for each extracted file
— AI-driven, multi-factor threat classification and final verdict
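The per-object matching step described above, as an added example that is not RL's code: a toy recursive decomposer for nested ZIPs with a byte-pattern rule set standing in for YARA, run on a constructed sample to show that rules which miss on the outer container hit on the extracted parts. Rule names, file names and the marker string are all made up for the demonstration.

```python
import io
import zipfile

# Toy rule set standing in for YARA (hypothetical rules, not RL's own):
# rule name -> byte patterns that must all be present in an object.
RULES = {
    "constructed_marker": [b"CONSTRUCTED_MALICIOUS_MARKER"],
    "dos_stub_executable": [b"MZ", b"This program cannot be run in DOS mode"],
}

def match_rules(data: bytes) -> list:
    """Names of rules whose every pattern occurs literally in `data`."""
    return [name for name, pats in RULES.items() if all(p in data for p in pats)]

def decompose(data: bytes, path: str):
    """Recursively unpack ZIP containers, yielding (virtual path, bytes) for
    every object, containers and leaves alike. Only ZIP is handled here; a
    real decomposition engine covers many more container formats."""
    yield path, data
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for member in zf.infolist():
                if not member.is_dir():
                    yield from decompose(zf.read(member), f"{path}/{member.filename}")

def analyze(blob: bytes, name: str = "sample") -> list:
    """Match rules on every extracted object; returns (path, rule) hits."""
    return [(p, r) for p, obj in decompose(blob, name) for r in match_rules(obj)]

def build_sample() -> bytes:
    """Constructed input: a ZIP inside a ZIP hiding a marked text file and a
    DOS-stub lookalike. Nothing here is real malware."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("report.txt", b"quarterly figures\nCONSTRUCTED_MALICIOUS_MARKER\n")
        zf.writestr("readme.txt", b"nothing to see here")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("inner.zip", inner.getvalue())
        zf.writestr("tool.bin", b"MZ" + b"\0" * 62 + b"This program cannot be run in DOS mode")
    return outer.getvalue()

if __name__ == "__main__":
    sample = build_sample()
    # Scanning only the outer container finds nothing: DEFLATE hides the patterns.
    print("container only:", match_rules(sample))
    for path, rule in analyze(sample):
        print(f"{path}: {rule}")
```

Scanning the container alone returns no hits because the patterns only exist in the decompressed members; the recursive pass reports the marked text file two levels down and the stub in the outer archive.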
Learn more about RL’s Complex Binary Analysis.