SOLUTIONS

CAMAL

The CAMAL brochure can be downloaded from HERE.

CAMAL online can be accessed from HERE.

COSEINC Automated Malware Analysis Lab (CAMAL) represents the cutting edge in malware analysis research. Its next-generation malware analysis engine provides an integrated platform for analyzing both the dynamic and the static profile of a malware sample.

CAMAL uses virtual machines to isolate running instances of a malware sample, so that the analysis is carried out in a safe and secure environment.

With proprietary monitoring technologies, CAMAL is able to accurately track the malware's interactions with the operating system and network, including botnet communication channels.

Automated Analysis

The automated analysis process starts by submitting the malware to CAMAL. No further user interaction is needed while the malware is being examined. Upon completion, the analysis report can be downloaded from CAMAL.

Key Features

Technical Highlights

  • Cutting edge analysis engine
  • Web interface for easy management
  • Database storage for analyzed malware samples
  • Report generation for analyzed malware samples
  • Appliance based solution that works out of the box
  • Complete packet capture
  • Protocol dissection with support for HTTP, SMTP, FTP, DNS and P2P traffic
  • Traffic tracking
  • Dynamic binary emulation
  • Static binary inspection including packers and file headers
  • Track file system changes
  • Track registry changes
  • Malware classification using the supported antivirus engines

d-ANALYSER

Modern malware propagates by exploiting vulnerabilities in applications that process electronic documents (such as PDF, DOC, PPT and XLS files). Current security solutions cannot effectively mitigate this threat when the exploited vulnerabilities are 0-day and unknown to the public.

D-Analyzer aims to provide a revolutionary solution to this problem. By using various cutting-edge analysis and sandboxing methods, D-Analyzer can determine whether an exploit is embedded in a document file.

It does this by monitoring the application that opens the file for signs of exploitation; it does not rely on any fixed signature set, which enables D-Analyzer to detect even 0-day exploits residing in the file. Running the analysis in a sandbox environment also ensures that the exploit or malware cannot infect the machine running the analysis.
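The signature-free approach described above can be illustrated with a small behavioural monitor. The following Python is an added example written for this page, not D-Analyzer's code: it replays a constructed trace of events recorded from a document reader process and raises findings from behavioural rules alone, with no knowledge of the document format and no exploit signatures. The event schema, process names, paths, the allowlist of benign helper processes and the sample traces are all assumptions made for the example.

```python
"""Behavioural (signature-free) detection for a monitored document reader.

Added example, not D-Analyzer code.  Event schema, image names, the benign
child allowlist and the sample traces are all constructed for illustration.
"""
import os
from dataclasses import dataclass
from typing import List, Optional

# Processes we treat as document readers (constructed list).
READER_IMAGES = {"acrord32.exe", "winword.exe", "excel.exe", "powerpnt.exe"}
# Helper processes a reader may legitimately spawn (constructed allowlist).
BENIGN_CHILDREN = {"splwow64.exe"}
EXECUTABLE_EXTS = (".exe", ".dll", ".scr", ".com")


@dataclass
class Event:
    """One monitored action.  kind is 'file_write', 'process_create' or
    'network_connect'; target is the written path, the child image path
    or the remote endpoint respectively."""
    pid: int
    image: str
    kind: str
    target: str = ""
    child_pid: Optional[int] = None   # set for process_create events


@dataclass
class Finding:
    rule: str
    pid: int
    detail: str


def _basename(path: str) -> str:
    return os.path.basename(path.replace("\\", "/")).lower()


def find_reader(events: List[Event]) -> Optional[int]:
    """Pid of the first process in the trace whose image is a document reader."""
    for ev in events:
        if ev.image.lower() in READER_IMAGES:
            return ev.pid
    return None


def analyze(events: List[Event], reader_pid: int) -> List[Finding]:
    """Replay the trace in order and apply behavioural rules to the reader
    and to every process it (transitively) spawns."""
    monitored = {reader_pid}      # process tree rooted at the reader
    dropped = set()               # executables written by monitored processes
    findings: List[Finding] = []
    for ev in events:
        if ev.pid not in monitored:
            continue              # activity outside the reader's tree is ignored
        if ev.kind == "file_write":
            if ev.target.lower().endswith(EXECUTABLE_EXTS):
                dropped.add(ev.target.lower())
                findings.append(Finding("executable-dropped", ev.pid, ev.target))
        elif ev.kind == "process_create":
            if ev.child_pid is not None:
                monitored.add(ev.child_pid)   # follow the child from now on
            if _basename(ev.target) not in BENIGN_CHILDREN:
                findings.append(Finding("unexpected-child-process", ev.pid, ev.target))
            if ev.target.lower() in dropped:
                findings.append(Finding("dropped-file-executed", ev.pid, ev.target))
        elif ev.kind == "network_connect" and ev.pid != reader_pid:
            # The reader itself may contact an update server; a process it
            # spawned doing so is not expected behaviour for a document.
            findings.append(Finding("network-from-spawned-process", ev.pid, ev.target))
    return findings


def verdict(events: List[Event], reader_pid: int) -> str:
    return "suspicious" if analyze(events, reader_pid) else "clean"


# Constructed traces: a benign open, and a drop-execute-connect chain.
BENIGN_TRACE = [
    Event(100, "acrord32.exe", "file_write", r"C:\Users\u\AppData\Local\Temp\AcroRd.log"),
    Event(100, "acrord32.exe", "process_create", r"C:\Windows\splwow64.exe", child_pid=150),
    Event(100, "acrord32.exe", "network_connect", "203.0.113.10:443"),
]
SUSPICIOUS_TRACE = [
    Event(100, "acrord32.exe", "file_write", r"C:\Users\u\AppData\Local\Temp\AcroRd.log"),
    Event(100, "acrord32.exe", "file_write", r"C:\Users\u\AppData\Local\Temp\svc.exe"),
    Event(100, "acrord32.exe", "process_create", r"C:\Users\u\AppData\Local\Temp\svc.exe", child_pid=200),
    Event(200, "svc.exe", "network_connect", "198.51.100.7:443"),
]

if __name__ == "__main__":
    for name, trace in (("benign", BENIGN_TRACE), ("suspicious", SUSPICIOUS_TRACE)):
        pid = find_reader(trace)
        print(name, verdict(trace, pid))
        for f in analyze(trace, pid):
            print("  ", f.rule, f.pid, f.detail)
```

The monitor follows the process tree rooted at the reader, so anything the reader spawns is judged by the same rules. A reader that writes its own log, starts a known print helper and fetches an update produces no findings; a chain of drop, execute and connect produces four, none of which depends on the file format or on a known sample. In a real sandbox the events would come from a kernel or API-hooking monitor rather than from a list.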

Key Features

  • Detects exploits of unknown and 0-day vulnerabilities
  • Analysis engine has no file-format dependency
  • Intuitive GUI for easy file scanning
  • Batch jobs for bulk scanning of suspicious files

OptiCODE

OptiCODE can be accessed from HERE.

Modern malware uses many obfuscation techniques to make its code harder for malware analysts to understand, in the hope of defeating attempts to reverse engineer it. Unfortunately, malware analysts still reverse such code by hand, since there are no reliable tools to help with this problem.

OptiCode is our answer to this issue. It uses advanced compiler techniques to automatically find and remove the obfuscated sections, then presents the cleaned code to the user.

OptiCode is very user-friendly. It supports both 32-bit and 64-bit Intel platforms, and can be used either through a web interface or as an IDA plugin.
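The compiler-style cleanup the two paragraphs above describe, reduced to a toy: the following Python is an added example written for this page and is not OptiCode's code or algorithm. It runs a handful of peephole passes (cancelling push/pop pairs, identity operations, jumps to the next line, folding of split constants, removal of unreferenced labels) to a fixpoint over a constructed x86-style listing. The instruction syntax, the set of passes and the sample listing are assumptions made for the example; a real deobfuscator works on a proper intermediate representation with control-flow and data-flow analysis rather than on adjacent text lines.

```python
"""Peephole deobfuscation of a toy x86-style listing.

Added example, not OptiCode.  It applies the kind of compiler passes the
text refers to (no-op removal, push/pop cancellation, jump-to-next
removal, constant folding, dead-label removal) until nothing changes.
Instruction syntax and the sample listing are constructed for the example.
"""
import re
from typing import List, Tuple

Insn = Tuple[str, List[str]]     # (mnemonic, operands); labels are ("label", [name])
INSN_RE = re.compile(r"^(\w+)\s*(.*)$")
IMM_RE = re.compile(r"-?(0x[0-9a-fA-F]+|\d+)")

FOLD = {"add": lambda a, b: a + b, "sub": lambda a, b: a - b,
        "xor": lambda a, b: a ^ b, "or": lambda a, b: a | b, "and": lambda a, b: a & b}
# "op r, imm" pairs that leave the register unchanged.  Caveat: on real
# hardware they still update EFLAGS, so a production tool must check that
# no later instruction consumes those flags before deleting them.
IDENTITY = {("add", 0), ("sub", 0), ("xor", 0), ("or", 0)}
MASK32 = 0xFFFFFFFF


def parse(line: str) -> Insn:
    line = line.strip()
    if line.endswith(":"):
        return "label", [line[:-1]]
    m = INSN_RE.match(line)
    if m is None:
        raise ValueError("unparseable line: %r" % line)
    op, rest = m.group(1).lower(), m.group(2).strip()
    return op, ([o.strip() for o in rest.split(",")] if rest else [])


def fmt(insn: Insn) -> str:
    op, ops = insn
    return ops[0] + ":" if op == "label" else op + (" " + ", ".join(ops) if ops else "")


def is_imm(s: str) -> bool:
    return IMM_RE.fullmatch(s) is not None


def imm(s: str) -> int:
    return int(s, 16) if s.lower().lstrip("-").startswith("0x") else int(s)


def peephole(insns: List[Insn]) -> Tuple[List[Insn], bool]:
    """One left-to-right pass over adjacent instruction pairs."""
    out: List[Insn] = []
    i, changed = 0, False
    while i < len(insns):
        op, ops = insns[i]
        nxt = insns[i + 1] if i + 1 < len(insns) else None
        # 1. No effect on registers: nop, mov r,r, xchg r,r, add/sub/xor/or r,0
        if op == "nop" or (op in ("mov", "xchg") and len(ops) == 2 and ops[0] == ops[1]) or (
                len(ops) == 2 and is_imm(ops[1]) and (op, imm(ops[1])) in IDENTITY):
            i, changed = i + 1, True
            continue
        # 2. push X immediately followed by pop X cancels out
        if op == "push" and nxt and nxt[0] == "pop" and nxt[1] == ops:
            i, changed = i + 2, True
            continue
        # 3. jmp L where L: is the very next line
        if op == "jmp" and nxt and nxt[0] == "label" and nxt[1] == ops:
            i, changed = i + 1, True
            continue
        # 4. mov r, imm ; <arith> r, imm2  ->  mov r, folded (32-bit wraparound)
        if (op == "mov" and len(ops) == 2 and is_imm(ops[1]) and nxt and nxt[0] in FOLD
                and len(nxt[1]) == 2 and nxt[1][0] == ops[0] and is_imm(nxt[1][1])):
            val = FOLD[nxt[0]](imm(ops[1]), imm(nxt[1][1])) & MASK32
            out.append(("mov", [ops[0], str(val)]))
            i, changed = i + 2, True
            continue
        out.append((op, ops))
        i += 1
    return out, changed


def drop_unreferenced_labels(insns: List[Insn]) -> Tuple[List[Insn], bool]:
    """Remove labels no instruction in the listing refers to.  A real tool
    must keep labels that are entry points referenced from outside."""
    refs = {o for op, ops in insns if op != "label" for o in ops}
    kept = [ins for ins in insns if ins[0] != "label" or ins[1][0] in refs]
    return kept, len(kept) != len(insns)


def deobfuscate(lines: List[str]) -> List[str]:
    insns = [parse(l) for l in lines if l.strip()]
    changed = True
    while changed:                       # iterate to a fixpoint
        insns, c1 = peephole(insns)
        insns, c2 = drop_unreferenced_labels(insns)
        changed = c1 or c2
    return [fmt(ins) for ins in insns]


# Constructed obfuscated listing: a junk push/pop pair, identity operations,
# a jump to the next line and a split constant hide "mov eax, 6 ; ret".
OBFUSCATED = ["push eax", "pop eax", "mov eax, 5", "add eax, 3", "xor eax, 0",
              "mov ebx, ebx", "jmp L1", "L1:", "sub eax, 2", "nop", "ret"]

if __name__ == "__main__":
    print("\n".join(deobfuscate(OBFUSCATED)))
```

Running it reduces the eleven-line listing to `mov eax, 6` and `ret`. Two caveats a practitioner would check before trusting such passes on real code: the "identity" operations still write EFLAGS, so they can only be deleted when no later instruction reads those flags, and a label may be a function entry reached from code outside the listing, which this toy cannot see.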

Key Features

  • Automatically deobfuscates machine-level code for malware analysts
  • Friendly and easy to use
  • Available as a web-based tool and as an IDA plugin
  • Supports 32-bit and 64-bit Intel platforms