Version: Spectra Analyze 9.3.0

About Spectra Analyze

Spectra Analyze is a malware analysis solution for individual analysts or small teams that makes threat detection, deep analysis and collaboration more effective and productive. This solution is offered as a hardware/software appliance, or as a cloud-based service.

Powered by Spectra Core

Spectra Analyze is powered by Spectra Core, the world’s fastest and most comprehensive software platform for automated static decomposition and analysis of binary files.

When a sample is submitted to the appliance, it is processed by Spectra Core to automatically unpack files and extract all available information from each contained object. The unpacking process handles all variants of more than 400 PE packer, archive, installation package, firmware image, document and mobile application formats.

Once unpacked, Spectra Core extracts all available metadata from files including strings, format header details, function names, library dependencies, file segments and capabilities with static behavior analysis information.

The general overview of information extracted by Spectra Core can be seen on the Sample Details page, with more specifics in the Indicators and Extracted Files sections.

Which Spectra Core version is my appliance using?

The version of Spectra Core included in the appliance is visible to logged-in users in the footer of every page. It's also visible to appliance administrators on the System Status page.

Features

Binary File Analysis

  • Uploads multiple samples from a directory
  • Processes files in milliseconds
  • Unpacked elements and files are stored in a database and available for further analysis and collaboration
  • All unpacked files are subsequently restored to their original form for reuse and/or dynamic analysis

File Reputation Information

  • By default uses the cloud-based Spectra Intelligence file reputation service, which provides whitelist and blacklist verdicts for more than 5 billion files
  • Optionally integrates with an on-premises T1000 file reputation appliance for additional privacy (particularly useful in air-gapped networks)
  • Provides historical results; malware samples are continually reanalyzed for the most up-to-date file reputation status
  • Includes ReversingLabs Hashing Algorithm (RHA) for functional similarity analysis

REST Web Services API

  • Supports automated analysis processes
  • Unpacks over 400 families of archives, installers, packers, and compressors
  • Identifies over 4000 additional file formats
  • Extracts over 19,000 predictive threat indicators from extracted files for PE/Windows, ELF/Linux, Mac OS, iOS, Android, firmware, and documents
  • Calculates file risk score using extracted information
  • Includes 100k+ rules to generate file intent behavior indicators
  • Uploads custom YARA rules for inclusion in Spectra Core static analysis (in addition to ReversingLabs-supplied rules)

Analysis Management GUI

  • Provides access to unpacked files, threat indicators, and risk score
  • Supports collaborative case management and tagging
  • Searches for samples by file name or tag
  • Searches Spectra Analyze as well as Spectra Intelligence by import hash, MD5, SHA1 or SHA256 hash, and searches Spectra Intelligence by malware family name(s) and URIs to discover additional samples for analysis