The Adobe Malware Classifier, a Python tool developed by Adobe researcher Karthik Raman, provides “quick malware triage” of suspicious executables.
The classifier uses machine-learning algorithms to sort Win32 binaries – EXEs and DLLs – into three classes: 0 for “clean,” 1 for “malicious,” or “UNKNOWN”, Raman wrote in a blog post. The tool extracts seven key features from a binary, feeds them to one or all of its four classifiers, and presents the classification results, he added.
“I’ve since decided to make this tool, called 'Adobe malware classifier,' available to other first responders (malware analysts, IT admins and security researchers of any stripe) as an open-source tool, since you might find it equally helpful”, he related.
The tool relies on models built by running the J48, J48 Graft, PART, and Ridor machine-learning algorithms on a data set of approximately 100,000 malicious programs and 16,000 clean programs, Raman added.
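As an added illustration of that pipeline (not Raman's code or the tool's own), the Python sketch below constructs a header-only PE32 image as sample input, extracts seven PE header fields with the standard library, and applies a placeholder rule that stands in for the trained J48/PART/Ridor models. The seven feature names are my recollection of the tool's published feature set and are an assumption relative to this article, as are the placeholder rule, the sample builder and every constant in it.

```python
import struct

def build_sample_pe(nsec=2, image_ver=6, export=0, resource=0x400,
                    debug=0x1C, iat=0x3000, vsize2=0x800):
    """Construct a header-only PE32 image (constructed sample input, not a real binary)."""
    hdr = bytearray(64); hdr[:2] = b"MZ"; struct.pack_into("<I", hdr, 60, 64)  # e_lfanew = 64
    hdr += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, nsec, 0, 0, 0, 224, 0x102)  # COFF header
    opt = bytearray(96); struct.pack_into("<H", opt, 0, 0x10B)             # PE32 magic
    struct.pack_into("<H", opt, 44, image_ver); struct.pack_into("<I", opt, 92, 16)
    dirs = [(0, 0)] * 16                                                   # 16 data directories
    dirs[0], dirs[2] = (0x4000 if export else 0, export), (0x5000, resource)
    dirs[6], dirs[12] = (0x6000 if debug else 0, debug), (iat, 0x100)
    hdr += opt + b"".join(struct.pack("<II", rva, size) for rva, size in dirs)
    for i in range(nsec):                                                  # 40-byte section headers
        vs = vsize2 if i == 1 else 0x1000
        hdr += struct.pack("<8sIIIIIIHHI", b".s%d" % i, vs, 0x1000 * (i + 1), 0, 0, 0, 0, 0, 0, 0x60000020)
    return bytes(hdr)

def extract_features(data: bytes) -> dict:
    """Pull the assumed seven header features out of a PE32/PE32+ image, or raise ValueError."""
    if len(data) < 64 or data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    pe = struct.unpack_from("<I", data, 60)[0]
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsec = struct.unpack_from("<H", data, pe + 6)[0]
    opt_size = struct.unpack_from("<H", data, pe + 20)[0]
    opt = pe + 24
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic")
    dir_base = opt + (112 if magic == 0x20B else 96)          # PE32+ has 8-byte size fields
    ndirs = struct.unpack_from("<I", data, dir_base - 4)[0]   # NumberOfRvaAndSizes
    def directory(i):  # (rva, size); entries past NumberOfRvaAndSizes are treated as absent
        return struct.unpack_from("<II", data, dir_base + 8 * i) if i < ndirs else (0, 0)
    secs = opt + opt_size                                     # first section header
    vsize2 = struct.unpack_from("<I", data, secs + 40 + 8)[0] if nsec >= 2 else 0
    return {"DebugSize": directory(6)[1], "ImageVersion": struct.unpack_from("<H", data, opt + 44)[0],
            "IatRVA": directory(12)[0], "ExportSize": directory(0)[1], "ResourceSize": directory(2)[1],
            "VirtualSize2": vsize2, "NumberOfSections": nsec}

def triage(data: bytes):
    """Return 0 (clean), 1 (malicious) or "UNKNOWN" when the image cannot be parsed."""
    try:
        f = extract_features(data)
    except (ValueError, struct.error):
        return "UNKNOWN"
    # Placeholder rule (assumed, not the trained models): an image with no debug directory,
    # no image version and no exports is flagged; anything else is treated as clean.
    return 1 if f["DebugSize"] == 0 and f["ImageVersion"] == 0 and f["ExportSize"] == 0 else 0
```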
“Malware classification can be a difficult task for even experienced analysts, especially in the modern era of highly obfuscated code, binaries that are designed to evade scanners and anti-malware applications. Determining whether an odd binary is potentially malicious can be a frustrating and time-consuming task”, commented Dennis Fisher on Kaspersky Lab’s Threatpost blog.
The malware classifier is available at Open @ Adobe.