Analysis Modules
The analysis modules currently available in MultiScanner are listed by catagory below.
| AV Scans |
|
|---|
| AVG 2014 |
Scans sample with AVG 2014 |
| ClamAVScan |
Scans sample with ClamAV |
| McAfeeScan |
Scans sample with McAfee AntiVirus Command Line |
| Microsoft Security Essentials |
Scans sample with Microsoft Security Essentials |
| Metadefender |
Interacts with OPSWAT Metadefender Core 4 Version 3.x, polling Metadefender for scan results. |
| vtsearch |
Searches VirusTotal for sample’s hash and downloads the report if available |
| Sandbox Detonation |
|
|---|
| Cuckoo Sandbox |
Submits a sample to Cuckoo Sandbox cluster for analysis. |
| FireEye API |
Detonates the sample in FireEye AX via FireEye’s API. |
| VxStream |
Submits a file to a VxStream Sandbox cluster for analysis. |
| Metadata |
|
|---|
| ExifToolsScan |
Scans sample with Exif tools and returns the results. |
| MD5 |
Generates the MD5 hash of the sample. |
| PEFile |
Extracts features from EXE files. |
| SHA1 |
Generates the SHA1 hash of the sample. |
| SHA256 |
Generates the SHA256 hash of the sample. |
| Tika |
Extracts metadata from the sample using Tika. |
| TrID |
Runs TrID against a file. |
| Flare FLOSS |
FireEye Labs Obfuscated String Solver uses static analysis techniques to deobfuscate strings from malware binaries. [floss]| |
| libmagic |
Runs libmagic against the files to identify filetype. |
| Metadefender |
Runs Metadefender against a file. |
| pdfinfo |
Extracts feature information from PDF files using pdf-parser. |
| pehasher |
Computes pehash values using a variety of algorithms: totalhase, anymaster, anymaster_v1_0_1, endgame, crits, and pehashng.| |
| ssdeep |
Generates context triggered piecewise hashes (CTPH) for files. More information can be found on the ssdeep website. |
| Signatures |
|
|---|
| YaraScan |
Scans the sample with Yara and returns the results. |