VirusTotal can now characterize firmware images in detail. This analysis can help a digital forensics investigator determine whether an acquired image contains malicious code.
Here are the new tool’s main capabilities:
- Apple Mac BIOS detection and reporting.
- Strings-based brand heuristic detection, to identify target systems.
- Extraction of certificates both from the firmware image and from executable files contained in it.
- PCI class code enumeration, allowing device class identification.
- ACPI tables tags extraction.
- NVAR variable names enumeration.
- Option ROM extraction, entry point decompilation and PCI feature listing.
- Extraction of BIOS Portable Executables and identification of potential Windows Executables contained within the image.
- SMBIOS characteristics reporting.
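
To illustrate the Option ROM and PCI class code items above, here is an added example (not VirusTotal's code) that scans a raw firmware dump for PCI option ROM headers and reports vendor, device, class and code type from the PCI Data Structure. It assumes the ROMs are stored uncompressed; the function names and the sample image are constructed for the illustration.

```python
import struct

# Partial name tables for the base class byte and the ROM code type.
BASE_CLASSES = {0x01: "Mass storage", 0x02: "Network", 0x03: "Display", 0x0C: "Serial bus"}
CODE_TYPES = {0x00: "x86 legacy", 0x01: "Open Firmware", 0x03: "EFI"}

def parse_rom(image: bytes, off: int):
    """Describe the option ROM image starting at `off`, or return None."""
    if off + 0x1A > len(image):
        return None
    (pcir_ptr,) = struct.unpack_from("<H", image, off + 0x18)  # pointer to PCI Data Structure
    p = off + pcir_ptr
    if pcir_ptr == 0 or p + 0x18 > len(image) or image[p:p + 4] != b"PCIR":
        return None  # 55 AA appeared by coincidence, not a ROM header
    vendor, device = struct.unpack_from("<HH", image, p + 0x04)
    prog_if, subclass, base = image[p + 0x0D:p + 0x10]  # class code, low byte first
    (units,) = struct.unpack_from("<H", image, p + 0x10)  # image length in 512-byte units
    if units == 0:
        return None
    return {
        "offset": off, "size": units * 512,
        "truncated": off + units * 512 > len(image),  # header claims more than the dump holds
        "vendor": vendor, "device": device,
        "class": BASE_CLASSES.get(base, f"class 0x{base:02x}"),
        "subclass": subclass, "prog_if": prog_if,
        "code_type": CODE_TYPES.get(image[p + 0x14], "unknown"),
        "last_image": bool(image[p + 0x15] & 0x80),  # indicator bit 7
    }

def find_option_roms(image: bytes):
    """Walk every 55 AA signature in the dump and keep the ones that validate."""
    roms, off = [], image.find(b"\x55\xaa")
    while off != -1:
        rom = parse_rom(image, off)
        if rom:
            roms.append(rom)
        off = image.find(b"\x55\xaa", off + (rom["size"] if rom else 1))
    return roms

def build_sample() -> bytes:
    """Constructed input: a decoy 55 AA in padding, then one 1 KiB EFI option ROM."""
    rom = bytearray(1024)
    rom[0:2] = b"\x55\xaa"
    struct.pack_into("<H", rom, 0x18, 0x1C)
    struct.pack_into("<4sHHHHB3sHHBBH", rom, 0x1C, b"PCIR", 0x8086, 0x100E,
                     0, 0x18, 0, bytes([0x00, 0x00, 0x02]), 2, 1, 0x03, 0x80, 0)
    decoy = b"\xff" * 0x10 + b"\x55\xaa" + b"\xff" * 0x1EE
    return decoy + bytes(rom) + b"\xff" * 0x100

if __name__ == "__main__":
    for r in find_option_roms(build_sample()):
        print(r)
```
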
The Additional information tab has a new field, Source Details, where you’ll find attribution information for the uploaded file.
For more information about the tool, check this link.