OPSWAT FILESCAN

A Next-Generation Sandbox Built on Adaptive Threat Analysis


OPSWAT FileScan malware analysis dashboard

CHALLENGE

Ever-Evolving Threats

We are in a technological arms race as threat actors continuously improve their techniques and create ever-more sophisticated malware to evade security solutions.

This means that malware analysis systems need to be able to analyze these threats successfully, regardless of the evasion measures taken and the level of sophistication involved.

That analysis needs to be actionable by extracting embedded Indicators of Compromise ("IOCs") for pre-emptive blocking measures, breach detection, and performing active threat hunting in a post-breach scenario.

Because of heavy obfuscation and encryption in malware, only actual execution of the sample (typically within an isolated environment, also known as dynamic analysis) has been consistently effective at extracting the key IOCs that are needed (e.g. network IP addresses, URLs, and domains).

SOLUTION

Next-Gen Approach

We asked a simple question: what if we could come up with a technology that closes the gap between static analysis and full-blown VM-based sandboxing systems?

We needed something that could scan thousands of files for malware in a short period of time, but at the same time also beat the obfuscation layers to get to the "malware gold nuggets" (IOCs) that are so invaluable – all with low resource requirements, easy maintenance, and high efficacy.

FEATURES

Adaptive Threat Analysis

OPSWAT FileScan’s unique adaptive threat analysis technology enables zero-day malware detection and more Indicator of Compromise (IOC) extraction. Key features:

  • Threat-agnostic analysis of files and URLs, capable of massive processing volume thanks to its scalable architecture
  • Focus on Indicator-of-Compromise (IOC) extraction, including actionable context for incident response
  • Our proprietary Rapid Dynamic Analysis engine allows targeted attack detection, bypassing anti-analysis tricks (e.g. geofencing)

Powerful. Fast. Efficient.

Utilizing unique adaptive threat analysis technology, OPSWAT FileScan was built with power, speed, and efficacy in mind.

10x Faster

In every race, speed matters – and OPSWAT FileScan is ten times faster than a traditional sandbox.

100x More Efficient

OPSWAT FileScan is 100x more resource efficient than other sandboxes.

<1 Hour Setup

In under an hour, OPSWAT FileScan is working to help protect you from malware.

25,000 Files Per Day

On just one server, OPSWAT FileScan can process 25,000 files a day.

BENEFITS

Why OPSWAT FileScan?

  • Perform detection and IOC extraction for all common threats (files and URLs) in a single platform
  • Rapidly identify threats and their capabilities, and update your security systems
  • Search your corporate network for compromised endpoints
  • API-driven framework for easy integration into existing systems
  • Easy reporting for entry-level analysts, plus an executive summary
  • Easy deployment (cloud native on platforms like AWS, or on-premises, including air-gapped)
  • Standard report export formats (HTML/PDF/MISP/STIX)

Screenshot of OPSWAT’s FileScan Malware Analysis user interface

Competitive Comparison

The following table compares the current engine feature set of OPSWAT FileScan with its peer group. This feature set does not include platform features such as API coverage, configurable ACLs, OAuth integration, CEF syslog feedback, etc. Please contact us to book a technical presentation and get a run-through of all platform features and capabilities.

Feature | FileScan.IO | Cloud Online Analysis Tool A | Cloud Online Analysis Tool B | Popular Static Analysis Tools
--- | --- | --- | --- | ---
Render URLs and detect phishing sites | Yes | Yes | No | No
Extract and decode nearly all malicious VBA macros | Yes | No | Yes | No
Analyze VBA-stomped files targeted at any system | Yes | No | No | No
Shellcode emulation (x86, 32/64-bit) | Yes | No | Yes | No
Export MISP (JSON) and STIX report formats | Yes | No | No | No
Extract and analyze embedded PE files | Yes | No | No | No
Deobfuscate JavaScript / VBS | Yes | No | Yes, but limited | No
Deobfuscate PowerShell scripts | Yes | No | Yes, but limited | No
Parse MTEF embedded Equation exploit structure | Yes | No | No | No
Parse malformed RTF files | Yes | No | No | No
Parse Office binary file formats (BIFF5/BIFF8) | Yes | No | No | No
Parse Strict OOXML file format | Yes | No | No | No
Automatically decode Base64 strings | Yes | No | No | No
Extract annotated disassembly | Yes | No | No | No
Decrypt password-protected Office documents | Yes | No | Yes | No
Decompile Java | Yes | No | Yes | No
Decompile .NET | Yes | No | Yes | No
Calculate .NET GUIDs (Module Version / TypeLib Id) | Yes | Yes | No | No
Classify imported APIs | Yes | No | No | Yes
MITRE ATT&CK support | Yes | No | Yes | Yes
Render PDF pages | Yes | Yes | Yes | No
Extract embedded files (e.g. OLE2 from Word) | Yes | Yes | Yes | No
Automatically tag samples based on signatures | Yes | Yes | Yes | No
YARA support | Yes | Yes | Yes | No
Generate text metrics (average word size, etc.) | Yes | No | No | No
Detect cryptographic constants | Yes | No | No | No
Text analysis (guessed language) | Yes | Yes | No | No
Map UUIDs to known associated files / metadata | Yes | No | Yes, but limited | No
Filter strings and detect interesting ones | Yes | No | Yes | Yes
Extract and detect overlay | Yes | No | No | Yes
Integrated whitelist | Yes | Yes | Yes | No
Detect alternative IOCs (e-mail addresses, Bitcoin addresses, etc.) | Yes | No | Yes | No
Calculate authentihash | Yes | Yes | Yes | No
Verify Authenticode signatures | Yes | Yes | Yes | Yes
Parse Rich header | Yes | Yes | Yes, but limited | Yes
Calculate entropy of resources | Yes | Yes | No | Yes
Detect URLs, domains and IP addresses | Yes | Yes, but limited | Yes | Yes
Calculate hashes of resources | Yes | Yes | No | Yes
Calculate Imphash | Yes | Yes | Yes | No
Calculate SSDEEP | Yes | Yes | Yes | No
Extract PDB information | Yes | Yes | Yes | Yes
Detect TLS callbacks | Yes | No | Yes | Yes
Resolve known import ordinals to names | Yes | No | Yes | Yes
Detect anomalies (e.g. header checksum validation) | Yes | Yes, but limited | Yes | Yes
Query VirusTotal for reputation checks | Yes | Yes | Yes | Yes
Detect packers (PEiD) | Yes | Yes | Yes | Yes
Detect file types | Yes | Yes | Yes | Yes
Calculate hashes of sections | Yes | Yes | Yes | Yes
Calculate entropy of sections | Yes | Yes | Yes | Yes
Extract strings from executables | Yes | Yes | Yes | Yes
Extract/detect resources | Yes | Yes | Yes | Yes
Extract/detect PKCS7 certificates | Yes | Yes | Yes | Yes

Additional Resources

WHITEPAPER

State of Malware Analysis: 2022 Report

Attitudes, Statistics, Trends, and Best Practices to Address File-Based Cyber Threats

DATASHEET

OPSWAT FileScan - A Next-Gen Sandbox Solution

See more stats and technical specifications in this datasheet
