Find firmware malware with VirusTotal

VirusTotal can now characterize firmware images in detail. Such analysis can help a digital forensics investigator determine whether an acquired image contains malicious code.

Here are the new tool’s main capabilities:

  • Apple Mac BIOS detection and reporting.
  • Strings-based brand heuristic detection, to identify target systems.
  • Extraction of certificates both from the firmware image and from executable files contained in it.
  • PCI class code enumeration, allowing device class identification.
  • ACPI table tag extraction.
  • NVAR variable names enumeration.
  • Option ROM extraction, entry point decompilation and PCI feature listing.
  • Extraction of BIOS Portable Executables and identification of potential Windows Executables contained within the image.
  • SMBIOS characteristics reporting.
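
The idea behind identifying potential Windows executables within an image can be tried offline. This is an added example, not VirusTotal's implementation: it scans a raw image for PE headers and separates UEFI subsystems from Windows ones. The function names and the sample bytes are constructed for illustration.

```python
import struct

# Subsystem values from the PE/COFF specification.
EFI_SUBSYSTEMS = {10: "EFI application", 11: "EFI boot service driver",
                  12: "EFI runtime driver", 13: "EFI ROM"}
WINDOWS_SUBSYSTEMS = {1: "Windows native", 2: "Windows GUI", 3: "Windows console"}

def find_pe_images(blob):
    """Return (offset, subsystem, label) for each PE header found in blob.

    A raw scan only sees uncompressed PE files; compressed firmware
    volume sections have to be unpacked before scanning.
    """
    hits = []
    pos = blob.find(b"MZ")
    while pos != -1:
        if pos + 0x40 <= len(blob):
            # e_lfanew (DOS header offset 0x3C) points to the "PE\0\0" signature.
            (e_lfanew,) = struct.unpack_from("<I", blob, pos + 0x3C)
            pe = pos + e_lfanew
            # Optional header starts 24 bytes after the signature; Subsystem
            # is at offset 68 inside it for both PE32 and PE32+.
            if pe + 94 <= len(blob) and blob[pe:pe + 4] == b"PE\0\0":
                (magic,) = struct.unpack_from("<H", blob, pe + 24)
                if magic in (0x10B, 0x20B):
                    (subsystem,) = struct.unpack_from("<H", blob, pe + 92)
                    label = (EFI_SUBSYSTEMS.get(subsystem)
                             or WINDOWS_SUBSYSTEMS.get(subsystem) or "unknown")
                    hits.append((pos, subsystem, label))
        pos = blob.find(b"MZ", pos + 1)
    return hits

def windows_executables(blob):
    """PE images whose subsystem targets Windows rather than UEFI."""
    return [h for h in find_pe_images(blob) if h[1] in WINDOWS_SUBSYSTEMS]

def make_pe(subsystem):
    """Constructed PE32+ header stub for the demo (headers only, no code)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 112, 0x22)
    opt = bytearray(112)
    struct.pack_into("<H", opt, 0, 0x20B)        # PE32+ magic
    struct.pack_into("<H", opt, 68, subsystem)
    return dos + b"PE\0\0" + coff + bytes(opt)

# Constructed sample image: padding, an EFI driver, padding, a Windows GUI binary.
SAMPLE = b"\xff" * 0x100 + make_pe(11) + b"\xff" * 0x80 + make_pe(2)

if __name__ == "__main__":
    for off, sub, label in find_pe_images(SAMPLE):
        print(f"0x{off:06x} subsystem={sub} ({label})")
```

A Windows-subsystem PE inside a UEFI image is not proof of malice, but it is the kind of anomaly worth extracting and examining separately.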

The Additional information tab has a new field, Source Details, where you'll find attribution information for the uploaded file.

For more information about the tool, check this link.