Skip to main content
Version: Spectra Analyze 9.2.2

About Spectra Analyze

The Spectra Analyze Appliance is a powerful, integrated, plug-and-play solution for individual analysts or small teams of analysts that makes threat detection, deep analysis and collaboration more effective and productive. This solution is offered as an on-premises hardware appliance, a VM appliance, or as a cloud-based service.

Powered by Spectra Core

Spectra Analyze is powered by ReversingLabs Spectra Core , the world’s fastest and most comprehensive software platform for automated static decomposition and analysis of binary files.

Which Spectra Core version is my appliance using?

The version of Spectra Core included in the appliance is visible:

  • to appliance administrators on the System Status page
  • to all users in the footer of every page in the Spectra Analyze appliance interface

When a sample is submitted to the appliance, it is processed by Spectra Core to automatically unpack files and extract all available information from each contained object. The unpacking process handles all variants of more than 400 PE packer, archive, installation package, firmware image, document and mobile application formats.

Once unpacked, Spectra Core extracts all available metadata from files including strings, format header details, function names, library dependencies, file segments and capabilities with static behavior analysis information.

The general overview of information extracted by Spectra Core can be seen on the [Sample Details] page, with more specifics in the Indicators and Extracted Files sections. The Spectra Core version used to analyze the sample is displayed in the Static Analysis > Info section.

Features

Binary File Analysis

  • Uploads multiple samples from a directory
  • Processes files in milliseconds
  • Unpacked elements and files are stored in the onboard database and available for further analysis and collaboration
  • All unpacked files are subsequently restored to their original form for reuse and/or dynamic analysis

File Reputation Information

  • By default uses the cloud-based Spectra Intelligence File Reputation Service that provides a whitelist and blacklist on more than 5 billion files
  • Optionally integrates with an on-premises T1000 File Reputation appliance for additional privacy (particularly useful in air-gapped networks)
  • Provides historical results; malware samples are continually reanalyzed for the most up-to-date file reputation status
  • Includes ReversingLabs Hashing Algorithm (RHA) for Functional Similarity Analysis

REST Web Services API

  • Supports automated analysis processes
  • Automated Static Analysis
  • Unpacks over 400 families of archives, installers, packers, and compressors
  • Identifies over 4000 additional file formats
  • Extracts over 3,000 PTIs from extracted files for PE/Windows, ELF/Linux, Mac OS, iOS, Android, firmware, and documents
  • Calculates file risk score using extracted information
  • Includes 100k+ rules to generate file intent behavior indicators
  • Uploads custom YARA rules for inclusion in Spectra Core static analysis (in addition to ReversingLabs-supplied rules)

Historical Analysis

  • Workflow, Detection History, Prevalence, Malware Family Volume, PTIs, and Analytics results persisted to an onboard database for internal provenance determinations
  • Dashboard tracks uploaded file content, user usage, and YARA Rule statistics

Analysis Management GUI

  • Provides access to unpacked files, PTIs, and risk score
  • Supports collaborative case management and tagging
  • Searches for samples by file name or tag
  • Searches the Spectra Analyze as well as Spectra Intelligence by import hashes, MD5, SHA1 or SHA256 hashes, and searches Spectra Intelligence by malware family name(s) and URIs to discover additional samples for analysis

Summary

  • The Spectra Analyze static analysis engine identifies and recursively de-archives/unpacks files, extracting relevant information that determines the true payload for each file’s status and threat capabilities.
  • It performs the ReversingLabs Hashing Algorithm (RHA) functional similarity analysis on each file, which can determine whether the analyzed sample is similar to previously seen malware or goodware. This matching signature is generated in less than 5 ms, and it serves as a basis for identifying potential zero-day attacks.
  • In addition to using already uploaded YARA rules to detect malware, the Spectra Analyze also performs multiple threat classification methods to identify malformed files or files with known malicious characteristics.
  • Spectra Analyze can leverage the ReversingLabs T1000/Spectra Intelligence lookup to deliver file reputation data. Malware samples are continually reanalyzed for the most up-to-date file reputation status that can be used to set up status change alerts.
  • Finally, to provide a more complete and powerful static/dynamic analysis solution, the Spectra Analyze can connect to the ReversingLabs Cloud Sandbox dynamic analysis service, integrate with Cuckoo, FireEye, Joe Sandbox, CAPE Sandbox, Cisco Secure Malware Analytics, VMRay, ReversingLabs Auxiliary Analysis, and can support integration with other threat intelligence technologies.