Prompt. In detail.

FileScan.IO is a Next-Gen Sandbox and free malware analysis service. It runs at 10 times the speed of traditional sandboxes with 90% less resource consumption, and its unique adaptive threat analysis technology also enables zero-day malware detection and more Indicator of Compromise (IOCs) extractions.

Constantly changing threats

We are in a technological arms race as threat actors are constantly refining their techniques and creating ever more sophisticated malware to evade security solutions.

This means that malware analysis systems must be able to effectively analyze these threats regardless of the evasive measures used and the level of sophistication.

This analysis must be able to take the action of extracting built-in Indicators of Compromise (IOCs) for pre-emptive blocking measures, breach detection and proactive threat hunting in a post-breach scenario.

Strong obfuscation and encryption in malware means that only the actual execution of the malware (usually in an isolated environment, also known as dynamic analysis) was effective in extracting the necessary key IOCs (e.g., network IPs, URLs, domains) on a consistent basis.

FileScan – Next-Gen Approach

We asked ourselves a simple question: what if we could create a technology that would bridge the gap between static analysis and full-fledged VM-based sandbox systems?

We needed something that could scan thousands of files for malware in a short period of time, while overcoming layers of obfuscation to get to the “nuggets of gold” (IOCs) that are so invaluable – all with low resource requirements, easy maintenance and high efficiency.

Why OPSWAT FileScan?

  • Perform IOC detection and extraction for all popular threats (files and URLs) in a single platform
  • Quickly identify threats, their capabilities and update security systems
    Searching the corporate network for vulnerable endpoints
  • API-based framework for easy integration with existing systems
  • Easy reporting for entry-level analysts and executive summary
  • Easy deployment (in the cloud on platforms such as AWS or on-premises, including air gapped)
  • Standard report export formats (HTML/PDF/MISP/STIX)

Adaptive hazard analysis

OPSWAT FileScan’s unique adaptive threat analysis technology enables zero-day malware detection and more Indicator of Compromise (IOCs) extractions.

Key features:

  • Threat-agnostic file and URL analysis capable of massive amounts of processing thanks to a scalable architecture
  • Focus on the extraction of intrusion indicators (IOCs), including the operating context for incident response
  • Our patented Rapid Dynamic Analysis engine enables detection of targeted attacks bypassing anti-analytical tricks (e.g., geofencing)

Strong. Quick. Efficient.

Utilizing unique adaptive threat analysis technology, OPSWAT FileScan is built for power, speed and efficiency.

10x Faster – In any race, speed counts – and OPSWAT FileScan is ten times faster than traditional sandboxing.

100x More Efficient – OPSWAT FileScan is 100x more resource efficient than other Sandboxes.

Setup in less than an hour – In less than an hour, OPSWAT FileScan works to help protect you from malware.

25,000 Files per Day – On a single server, OPSWAT FileScan can process 25,000 files per day.

FileScan – Competition comparison

The table below compares the current feature set of the OPSWAT FileScan engine with its peer group. This feature set does not include platform features such as API coverage, customizable ACLs, OAuth integration, CEF syslog feedback, etc. Please contact us to book a technical demo and explore all the features and capabilities of the platform.

FunctionFileScan.IOCloud online analysis tool AOnline cloud analysis tool BPopular static analysis tools
Render URLs and detect phishing sitesyesyesNoNo
Extract and decode almost all malicious VBA macrosYesNoyesNo
Analyze VBA stomp files designed for any systemyesNoNoNo
Shell code emulation (x86 32/64)yesNoyesNo
Export MISP (JSON) and STIX report formatsyesNoNoNo
Extract and analyze embedded PE filesyesNoNoNo
Decipher JavaScript / VBSyesNoYes but limitedNo
Decipher Powershell scriptsyesNoYes but limitedNo
Analyze the structure of the METF Embed Equation exploityesNoNoNo
Analyze poorly worded RTF filesyesNoNoNo
Analyze Office binary file formats (BIFF5/BIFF8)yesNoNoNo
Analyze the Strict OOXML file formatyesNoNoNo
Automatically decode Base64 stringsyesNoNoNo
Detailed annotated disassemblyyesNoNoNo
Decrypt password-protected office documentsyesNoyesNo
Decompile JavayesNoyesNo
Decompile .NETyesNoyesNo
Calculate .NET platform GUIDs (module version/TypeLib identifier)yesyesNoNo
Classify imported APIsyesNoNoyes
MITER ATT&CK supportyesNoyesyes
Render PDF pagesyesyesyesNo
Extract embedded files (e.g. OLE2 from Word)yesyesyesNo
Automatically tag samples based on signaturesyesyesyesNo
Support from YARAyesyesyesNo
Generate text metrics (average word size, etc.)yesNoNoNo
Detection of cryptographic constantsyesNoNoNo
Text analysis (guessed language)yesyesNoNo
Map UUIDs to known related files / metadatayesNoYes but limitedNo
Filter strings and detect interestingyesNoyesyes
Extract and detect overlayyesNoNoyes
Integrated white listyesyesyesNo
Detect alternative IOCs (email address bitcoin, etc.)yesNoyesNo
Calculate autentihashyesyesyesNo
Verify Authenticode signaturesyesyesyesyes
Analyze the RICH headeryesyesYes but limitedyes
Calculate entropy of resourcesyesyesNoyes
Detect domain URLs and IP addressesyesYes but limitedyesyes
Calculate resource shortcutsyesyesNoyes
Calculate ImphashyesyesyesNo
Calculate SSDEEPyesyesyesNo
Extract PDB informationyesyesyesyes
Detect TLS callbacksyesNoyesyes
Solve known import ordinal numbers into namesyesNoyesyes
Anomaly detection (e.g., header checksum validation)yesYes but limitedyesyes
Query VirusTotal to check reputationyesyesyesyes
Packer detection (PEiD)yesyesyesyes
Detect file typesyesyesyesyes
Calculate section abbreviationsyesyesyesyes
Calculate the entropy of the cross sectionsyesyesyesyes
Extract strings from the executable fileyesyesyesyes
Extract/hide resourcesyesyesyesyes
Extract/hide PKCS7 certificateyesyesyesyes

Proven technology

Being very confident in the robustness of our technology and eager for feedback, we run a free community service at www.file-scan.io, which is verified by thousands of daily scans. This field test against fresh malware and phishing threats keeps our solution up to date, hardened and provides a high level of quality. As researchers at heart, we often try out cutting-edge technologies on the community platform, allowing us to quickly adapt to the latest cyber security trends. Only proven technologies make their way into an enterprise-grade commercial product.