Joe Sandbox ML is run on every file artifact gathered by Joe Sandbox during execution. This includes the submitted sample, any file created or downloaded by the malware, and the unpacked executables (Joe Sandbox includes an advanced engine that reconstructs executable files from memory dumps). For each of these files, Joe Sandbox ML generates a verdict of either clean or malicious. That verdict is then combined with the threat score determined during dynamic execution, and the final verdict is shown to the user.
Joe Sandbox ML greatly helps to detect malware samples that do not execute, or that show no malicious behavior, during dynamic execution. Examples are hack tools that require specific command-line arguments, and malware samples with dependencies such as additional DLLs or configuration files. In addition, Joe Sandbox ML is run on the reconstructed and unpacked executables. Running a static detection engine on unpacked and reconstructed files greatly increases detections, since the obfuscation layer has been removed.
Example report of an expired DanaBot sample detected by Joe Sandbox ML.
Contact Joe Security to schedule a technical presentation.
Joe Sandbox ML uses state-of-the-art machine learning and artificial intelligence techniques to detect malicious files. Joe Sandbox ML detects previously unknown malicious files and does not require any signature updates.
Joe Sandbox ML supports detection for a wide range of different file formats, including PE, PDF, ELF and Microsoft Office (.doc, .ppt, .xls, .docx, .pptx, .xlsx) files.
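Before a static engine can classify an artifact it has to know which of the formats above it is looking at, and relying on the file extension is not an option for dropped or memory-reconstructed files, which often have none. The following is an added example, not Joe Sandbox code: it identifies PE, ELF, PDF, legacy Office (OLE2/CFB) and OOXML files by their magic bytes, with the PE check walking `e_lfanew` to the `PE\0\0` signature rather than trusting the `MZ` stub alone, and routes a set of sandbox artifacts to the format each would be parsed as. The artifact names, origins and the `route_artifacts` helper are hypothetical; all inputs are constructed inline.

```python
"""Identify sandbox artifacts by magic bytes and route them by format.

Added example; not part of Joe Sandbox. The artifact names, origins and
the routing helper are hypothetical, and every input below is constructed
inline so the script runs offline.
"""
import io
import struct
import zipfile

OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # CFB header: .doc/.xls/.ppt
SUPPORTED = {"pe", "elf", "pdf", "ole2", "ooxml"}


def sniff_format(data: bytes) -> str:
    """Return 'pe', 'elf', 'pdf', 'ole2', 'ooxml' or 'unknown'."""
    if data[:4] == b"\x7fELF":
        return "elf"
    if data[:5] == b"%PDF-":
        return "pdf"
    if data[:8] == OLE2_MAGIC:
        return "ole2"
    if data[:2] == b"MZ" and len(data) >= 0x40:
        # The DOS stub alone is not enough: follow e_lfanew (offset 0x3C)
        # to the PE signature, and bounds-check it, since reconstructed
        # dumps may be truncated or carry a bogus header.
        e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
        if e_lfanew + 4 <= len(data) and data[e_lfanew:e_lfanew + 4] == b"PE\0\0":
            return "pe"
    if data[:4] == b"PK\x03\x04":
        # OOXML (.docx/.xlsx/.pptx) is a ZIP container; the presence of
        # [Content_Types].xml distinguishes it from an arbitrary archive.
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                if "[Content_Types].xml" in zf.namelist():
                    return "ooxml"
        except zipfile.BadZipFile:
            pass
    return "unknown"


def route_artifacts(artifacts: dict) -> dict:
    """Group artifacts by detected format.

    artifacts maps a name to (origin, bytes); origin is e.g. 'submitted',
    'dropped' or 'unpacked'. Unsupported formats land under 'unsupported'
    so a caller can see what the static engine would not have received.
    """
    routed: dict = {}
    for name, (origin, data) in artifacts.items():
        fmt = sniff_format(data)
        key = fmt if fmt in SUPPORTED else "unsupported"
        routed.setdefault(key, []).append((name, origin))
    return routed


# --- constructed inputs -------------------------------------------------

def build_minimal_pe() -> bytes:
    """MZ header whose e_lfanew points at a PE signature at offset 0x40."""
    header = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)
    return header + b"PE\0\0" + b"\0" * 32


def build_ooxml_docx() -> bytes:
    """Smallest ZIP that a sniffer should accept as OOXML."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
    return buf.getvalue()


def sample_run() -> dict:
    """A constructed set of artifacts from one hypothetical sandbox run."""
    return {
        "sample.bin": ("submitted", b"MZ" + b"\0" * 100),   # packed stub, no PE sig
        "unpacked_0x400000.bin": ("unpacked", build_minimal_pe()),
        "dropped/loader": ("dropped", b"\x7fELF" + b"\0" * 60),
        "dropped/invoice.pdf": ("dropped", b"%PDF-1.7\n%\xe2\xe3\xcf\xd3\n"),
        "dropped/report.doc": ("dropped", OLE2_MAGIC + b"\0" * 504),
        "dropped/cv.docx": ("dropped", build_ooxml_docx()),
        "dropped/config.dat": ("dropped", b"PK\x03\x04 not really a zip"),
    }


if __name__ == "__main__":
    for fmt, items in sorted(route_artifacts(sample_run()).items()):
        print(f"{fmt:11s} {items}")
```

Note that the submitted sample in the constructed run is only an `MZ` stub without a valid PE signature and is routed as unsupported, while the memory-reconstructed copy is a well-formed PE; this is the situation the page describes, where the unpacked artifact is the one worth classifying.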
Joe Sandbox ML is tuned to detect as many malicious samples as possible while keeping a low false positive rate.
Joe Sandbox ML provides a verdict very quickly, often in under one second. This makes it possible to analyze thousands of files in a short time.
Joe Sandbox ML analyzes PE, PDF, ELF and Microsoft Office (.doc, .ppt, .xls, .docx, .pptx, .xlsx) files.
Joe Sandbox ML is a static file parser that uses machine learning and AI techniques to detect malicious files.
Joe Sandbox ML detects files that show no malicious behavior during dynamic analysis or that cannot be executed at all.
Joe Sandbox ML is run on the submitted samples, any dropped or created files, and any unpacked or reconstructed files.
No, Joe Sandbox ML is often able to make a determination in less than a second.
You can use Joe Sandbox ML in Joe Sandbox Desktop, Ultimate and Cloud.
You will find the Joe Sandbox ML detections in the Antivirus and Machine Learning section (Overview - Antivirus and ML Detection). An example report of an expired DanaBot sample can be found here.