Adobe has recently unveiled a malware classification tool intended to give security research professionals and “incident first responders” a more powerful means of identifying malicious binary files.
… and it’s open source, publicly available under the BSD license.
Falling under the remit and purview of Adobe’s Product Security Incident Response Team (PSIRT), the Adobe Malware Classifier tool uses “machine learning algorithms” to classify Win32 binaries — i.e. EXEs and DLLs — into three classes:
• 0 for “clean,”
• 1 for “malicious,”
• or “UNKNOWN.”
NOTE: “machine learning algorithms” are defined in computer science as a branch of artificial intelligence (AI) in which a computer applies algorithmic logic to raw (generally empirical) data in order to derive rules, laws and patterns from it. In a sense, the system builds an ever-improving version of itself over the course of its life.
Adobe security engineer Karthik Raman has explained that part of what the PSIRT team does is respond to security incidents, and sometimes this involves analysing malware.
“To make life easier, I wrote a Python tool for quick malware triage for our team. I’ve since decided to make this tool, called Adobe Malware Classifier, available to other first responders (malware analysts, IT admins and security researchers of any stripe) as an open-source tool, since you might find it equally helpful.”
The tool is available for download from SourceForge.