VMRay Analyzer V 2.0 will be released this week and we’ll be presenting it at the RSA Conference next week. The latest release has many new features, including the addition of a built-in reputation engine that identifies known malicious or known benign files in milliseconds, support for the analysis of new sample types such as Microsoft Access, Visio, Project and Publisher files, a new severity status label for threat classification, redesigned dashboards, simpler ways to create database backups and several improvements to the VMRay Analyzer engine.
Here’s an overview of the new features:
The new VMRay reputation engine contains a database of known malicious file hashes and known benign file hashes that can be looked up before starting an analysis. The ability to identify known good or bad files (also called a reputation lookup) in milliseconds has several advantages, the most significant being that it enables an extremely large number of reputation lookups and analyses to be performed. The reputation engine can be configured to operate in any of the following modes.
We have started to see malware authors use embedded VBA macros in many unconventional file types to attack hosts. In response to this trend, VMRay Analyzer V 2.0 supports the analysis of MS Access, Publisher, Project and Visio files.
The new severity status is based on the reputation lookup, the analysis result (VTI Score), and the VirusTotal and Metadefender results (if enabled). The severity status is displayed in the UI and is also returned by the VMRay Analyzer APIs. There are six new severity status labels (see below) to classify a file after it has been analyzed.
More details related to the interpretation of the severity status are included in the online documentation.
We have redesigned the user dashboard to incorporate the new severity status and the additional functionality introduced by the reputation engine. A cleaner user dashboard now displays file name, file type, analysis status and a color-coded severity status. Also included on the V 2.0 user dashboard is daily quota usage.
V 2.0 allows users to create backups from the web interface. Users can choose the components they want to include in a backup. Components include the SQL database on the VMRay server machine, sample files, prescript files, all analysis files, hook files and relevant settings files.
In V 2.0, several improvements have also been made to the core VMRay Analyzer engine. These include:
For the full list of changes and fixes, customers can consult the changelog in the online documentation.
*Note: The analysis of Microsoft Project and Visio files is only supported in the on-premise version of VMRay