ReversingLabs Auxiliary Analysis
Overview
ReversingLabs Auxiliary Analysis is a static analysis service that provides deeper inspection and enrichment for samples processed by Spectra Analyze. When enabled, it runs additional specialized analysis services and returns detailed results that appear on the Sample Details page under Auxiliary Analysis.
Auxiliary Analysis is configured centrally and can be enabled as part of first-party integrations.
Configuration
For more information about configuring this integration, see Integrations - Static analysis.
Auxiliary analysis reports
| Maximum supported file size | Submitting only distinct files |
|---|---|
| 100 MiB | Not supported |
When ReversingLabs Auxiliary Analysis finishes processing a sample, a report with the analysis results is sent to the Spectra Analyze appliance. This report can be accessed from the Sample Details page under Auxiliary Analysis.
The report for this integration includes detailed inspection data, such as:
- General sample information: basic metadata and file identification.
- Detected heuristics: specialized static analysis heuristics that identify suspicious patterns and behaviors.
- ATT&CK information: mapping of detected behaviors to the MITRE ATT&CK framework.
- Extracted files: list of files extracted during the analysis process, each with its own threat score.
- IOCs: indicators of compromise discovered during the static inspection.
- Threat score: a numerical value representing the overall risk of the sample.
The threat score of each file, including the sample and all extracted files, indicates its severity and helps interpret the classification.
| Score | Classification interpretation |
|---|---|
| -1000 | Clean |
| 0 - 299 | Informational |
| 300 - 699 | Suspicious |
| 700 - 999 | Highly suspicious |
| >= 1000 | Malicious |
Auxiliary analysis services
Auxiliary Analysis combines multiple specialized services, each focused on a particular file type or analysis technique:
| Service name | Speciality |
|---|---|
| APKaye | Android APK |
| Ancestry | File genealogy |
| Batchdeobfuscator | Deobfuscation |
| CAPA | Windows binaries |
| Characterize | Entropy analysis |
| ConfigExtractor | IoC extraction |
| DeobfuScripter | Deobfuscation |
| DocumentPreview | Visualization |
| EmlParser | |
| Espresso | Java |
| Extract | Compressed files |
| Floss | IoC extraction |
| FrankenStrings | String extraction |
| JsJaws | JavaScript |
| MetaPeek | Metadata analysis |
| Oletools | Office documents |
| Overpower | PowerShell |
| PDFId | |
| PE | Windows binaries |
| PeePDF | |
| PixAxe | Images |
| Swiffer | Adobe Shockwave |
| TorrentSlicer | Torrent files |
| Unpacker | UPX Unpacker |
| ViperMonkey | Office documents |
| XLMMacroDeobfuscator | Office documents |