The FireEye Malware Analysis System (MAS) gives threat analysts hands-on control over a powerful pre-configured test environment where they can deeply inspect advanced malware, zero-day, and targeted APT attacks embedded in common file formats, email attachments, and Web objects. With deep instrumentation, the FireEye system is uniquely able to trace the full execution path of zero-day and known attacks as well as provide forensic details on custom malware communication protocols.
When threat analysts need help testing, replaying, characterizing, and documenting highly customized malicious activity, they can simply load a suspicious file or set of files into the FireEye MAS Virtual Execution engine. As it analyzes files such as phishing email attachments, PDF documents, or Web objects via a URL, the Malware Analysis System reports a full 360-degree view of the attack, from the initial exploit and malware execution path to the callback destinations and follow-on malware download attempts.
- Provides pre-configured sandbox or live-mode analysis for unknown code and suspicious Web objects – Supports single and batch testing with a range of browsers, plug-ins, applications and Windows operating environments, looking for any sign of unusual activity and any attempt to exploit a vulnerability. Confirms personalized and zero-day malware and targeted attacks including malicious images, PDFs, and Flash files.
- Identifies outbound malware transmissions across multiple protocols – Shows how malicious code plans to steal data, control bot activities, or communicate multistage operations using HTTP, FTP, or IRC, revealing the intent of the malicious software.
- Dynamically generates malware intelligence – Captures details such as callback coordinates and communication characteristics to protect locally and share globally through the cloud.
- Fully integrated with Web and Email MPS – With full integration, all callback channels discovered can be pushed to the Web MPS, and any malicious URLs can be pushed to both the Web and Email MPS via the FireEye CMS, for active identification of systems compromised with that malware family.
- Streamlines analysis – Lets analysts drill into samples to confirm attacks and understand the intent and targets of the criminals, without the overhead of creating and maintaining test configurations.