Adobe Releases Malware Classifier Tool

Adobe has published a free tool that can help administrators and security researchers classify suspicious files as malicious or benign, using specific machine-learning algorithms. The tool is a command-line utility that Adobe officials hope will make binary classification a little easier.


Adobe researcher Karthik Raman developed the new Malware Classifier tool to help with the company’s internal needs and then decided that it might be useful for external users, as well. 

“To make life easier, I wrote a Python tool for quick malware triage for our team. I’ve since decided to make this tool, called ‘Adobe Malware Classifier,’ available to other first responders (malware analysts, IT admins and security researchers of any stripe) as an open-source tool, since you might find it equally helpful,” Raman wrote in a blog post.

“Malware Classifier uses machine learning algorithms to classify Win32 binaries – EXEs and DLLs – into three classes: 0 for “clean,” 1 for “malicious,” or “UNKNOWN.” The tool extracts seven key features from a binary, feeds them to one or all of the four classifiers, and presents its classification results.”

The Malware Classifier is an open-source tool that users can download free from SourceForge. Malware classification can be a difficult task even for experienced analysts, especially in the modern era of highly obfuscated code and binaries designed to evade scanners and anti-malware applications. Determining whether an odd binary is potentially malicious can be a frustrating and time-consuming task, and Raman is hoping that Malware Classifier will help with that.

“The tool was developed using models resultant from running the J48, J48 Graft, PART, and Ridor machine-learning algorithms on a data set of approximately 100,000 malicious programs and 16,000 clean programs,” he wrote.
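As an added illustration of the pipeline the post describes, and not Adobe's code, here is a minimal triage routine that pulls a few header fields out of a Win32 PE, runs them through several decision trees (the shape of model J48 and its relatives produce), and reports 0, 1 or UNKNOWN. The three fields chosen, the four toy trees, the split-vote rule and the constructed sample PE are all assumptions; they are not the tool's seven features or its trained models.

```python
import struct

def extract_features(data):
    """Pull three header fields from a PE image; None if it does not parse as a PE."""
    try:
        (pe_off,) = struct.unpack_from("<I", data, 0x3C)           # e_lfanew
        if data[:2] != b"MZ" or data[pe_off:pe_off + 4] != b"PE\0\0":
            return None
        coff, opt = pe_off + 4, pe_off + 24                         # COFF / optional header
        (num_sections,) = struct.unpack_from("<H", data, coff + 2)
        (magic,) = struct.unpack_from("<H", data, opt)
        dir_off = {0x10B: 96, 0x20B: 112}[magic]                    # PE32 / PE32+ data dirs
        (size_of_image,) = struct.unpack_from("<I", data, opt + 56)
        (debug_size,) = struct.unpack_from("<I", data, opt + dir_off + 6 * 8 + 4)  # dir 6
    except (struct.error, KeyError):                                # truncated or odd header
        return None
    return {"NumberOfSections": num_sections, "SizeOfImage": size_of_image, "DebugSize": debug_size}

def eval_tree(tree, feats):
    """Walk a (feature, threshold, left, right) tree; integer leaves are the class."""
    while not isinstance(tree, int):
        name, thresh, left, right = tree
        tree = left if feats[name] <= thresh else right
    return tree

# Four hypothetical toy trees standing in for the trained J48/J48 Graft/PART/Ridor models.
TREES = [
    ("DebugSize", 0, ("NumberOfSections", 7, 0, 1), 0),
    ("NumberOfSections", 2, 1, ("DebugSize", 0, 1, 0)),
    ("SizeOfImage", 0x1000, 1, ("DebugSize", 0, 1, 0)),
    ("DebugSize", 0, 1, 0),
]

def classify(data, trees=TREES):
    """0 = clean, 1 = malicious, 'UNKNOWN' = not a parseable PE or an evenly split vote."""
    feats = extract_features(data)
    if feats is None:
        return "UNKNOWN"
    ones = sum(eval_tree(t, feats) for t in trees)
    return "UNKNOWN" if ones * 2 == len(trees) else int(ones * 2 > len(trees))

def build_sample_pe(num_sections, size_of_image, debug_size, magic=0x10B):
    """Constructed minimal PE header (not a real binary) for exercising the pipeline."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)              # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, num_sections, 0, 0, 0, 240, 0x102)
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<I", opt, 56, size_of_image)
    struct.pack_into("<II", opt, (96 if magic == 0x10B else 112) + 48, 0x2000, debug_size)
    return dos + b"PE\0\0" + coff + bytes(opt)
```

`classify(build_sample_pe(9, 0x8000, 0))` returns 1 under the toy trees, `classify(b"not a PE")` returns UNKNOWN because no header could be parsed, and a 2-2 vote also yields UNKNOWN.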

Discussion

  • Palani on

    The code doesn't contain any machine learning feature.

    It is a simple tool with some heuristic detection logic based on PE header components.

    Even the detection logics are also weak.
