Explore Joe Security Cloud Basic Accounts Contact Us
top title background image

Joe Sandbox ML

Static AI Engine to detect unknown malicious Files.

By applying the latest machine learning and AI techniques Joe Sandbox ML detects malicious PE, PDF, ELF and Microsoft Office (.doc, .ppt, .xls, .docx, .pptx, .xlsx) files.

Joe Sandbox ML does not require any signature updates to detect unknown malicious files.

Joe Sandbox ML is a plug-in which integrates seamlessly into Joe Sandbox Desktop, Joe Sandbox Ultimate and Joe Sandbox Cloud. With Joe Sandbox ML, Joe Sandbox Desktop and Ultimate benefit from enhanced detection capabilities in cases where dynamic analysis does not reveal any malicious behavior.
Joe Sandbox ML

Joe Sandbox ML Explained

Joe Sandbox ML Explained

Joe Sandbox ML is run on any file artifact gathered by Joe Sandbox during execution. This includes the submitted sample, any file created or downloaded by the malware as well as the unpacked executables (Joe Sandbox includes an advanced engine to reconstruct executable files from memory dumps). For all these files, Joe Sandbox ML will generate a verdict which is either clean or malicious. Joe Sandbox ML's verdict is then combined with the threat score determined via the dynamic execution. The final verdict is shown to the user.

Joe Sandbox ML greatly helps to detect malware samples which do not execute or do not show any malicious behavior during the dynamic execution. Examples are hack tools which require command lines and malware samples with dependencies such as addition Dlls or configuration files. In addition, Joe Sandbox ML is run on reconstruct and unpacked executables. Run a static detection engine on unpacked and reconstructed files greatly increases detections since the obfuscation layer has been removed.

Example report of an expired DanaBot detected by Joe Sandbox ML.


Learn more about Joe Sandbox ML

Contact Joe Security to schedule a technical presentation.

Powerful Static AI

Joe Sandbox ML uses state of the art machine learning and artificial intelligence techniques to detect malicious files. Joe Sandbox ML detects unknown malicious files and does not require any signature updates.

Powerful Static AI

Support for wide Range of File Formats

Joe Sandbox ML supports detection for a wide range of different file formats, including PE, PDF, ELF and Microsoft Office (.doc, .ppt, .xls, .docx, .pptx, .xlsx) files.

Support for wide Range of File Formats

High Detection Precision

Joe Sandbox ML is tuned to detect as many malicious samples as possible. In addition, Joe Sandbox ML results have a low false positive rate.

High Detection Precision

High Performance

Joe Sandbox ML provides a verdict very quickly, often under one second. This allows to analyze thousands of files very quickly.

High Performance

Learn more about Joe Sandbox ML

Contact Joe Security to schedule a technical presentation.

What files does Joe Sandbox ML analyze?

Joe Sandbox ML analyzes PE, PDF, ELF and Microsoft Office (.doc, .ppt, .xls, .docx, .pptx, .xlsx) files.

How does Joe Sandbox ML work?

Joe Sandbox ML is a static file parser which uses machine learning and AI techniques to detect malicious files.

What is the benefit of using Joe Sandbox ML with Joe Sandbox?

Joe Sandbox ML detects files that do not show any malicious behavior during the dynamic analysis or cannot be executed.

Which files are analyzed with Joe Sandbox ML?

The submitted samples, any dropped or created files as well as any unpacked or reconstructed files.

Is Joe Sandbox ML slow?

No, Joe Sandbox ML is often able to make a determination in less than a second.

In which Joe Sandbox product can I use Joe Sandbox ML

You can use Joe Sandbox ML in Joe Sandbox Desktop, Ultimate and Cloud.

Where are the Joe Sandbox ML detections shown? Do you have an example?

You will find the Joe Sandbox ML detections in the Antivirus and Machine Learning section (Overview - Antivirus and ML Detection). An example report of an expired DanaBot sample can be found here.