AVCLASS++: Yet Another Massive Malware Labeling Tool
avclassplusplus is an appealing complement to AVCLASS [1], a state-of-the-art malware labeling tool.
AVCLASS++ is a labeling tool for creating a malware dataset. Addressing malware threats requires constant effort to create and maintain a dataset, and labeling malware samples is a vital part of shepherding one. AVCLASS, a tool developed for this purpose, takes VirusTotal reports as input and returns labels that aggregate the scan results of multiple antivirus engines. And now AVCLASS++ ships with brand-new capabilities!
In a nutshell, AVCLASS++ enables the following operation:
- Input:
  - VirusTotal report(s)
  - Malware binar(y|ies) (optional)
- Output:
  - Malware label(s) (family name)
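An added illustration (not AVCLASS or AVCLASS++ code): a simplified plurality vote over the AV labels in one report, showing the report-in, family-out operation listed above. The report layout follows VirusTotal's v2 `scans` structure; the sample data, the `GENERIC` token list and the `min_votes` threshold are constructed assumptions.

```python
import json
import re
from collections import Counter

# Constructed sample shaped like a VirusTotal v2 file report (not real scan data).
SAMPLE_REPORT = json.dumps({
    "sha256": "0" * 64,  # placeholder hash
    "scans": {
        "EngineA": {"detected": True, "result": "Trojan.Win32.Zbot.abc"},
        "EngineB": {"detected": True, "result": "Win32/Zbot.gen!B"},
        "EngineC": {"detected": True, "result": "Trojan-Spy.Zbot"},
        "EngineD": {"detected": True, "result": "Gen:Variant.Kazy.1234"},
        "EngineE": {"detected": False, "result": None},
    },
})

# Assumed, deliberately short list of tokens that carry no family information.
GENERIC = {"trojan", "win32", "gen", "variant", "spy", "generic", "malware",
           "agent", "virus", "worm", "backdoor", "heur", "android", "w32"}


def tokens(label):
    """Split one AV label into lowercase candidate family tokens."""
    out = set()
    for tok in re.split(r"[^a-z0-9]+", label.lower()):
        # Drop short suffixes, pure-number variants and generic words.
        if len(tok) >= 4 and not tok.isdigit() and tok not in GENERIC:
            out.add(tok)
    return out


def label_report(report_json, min_votes=2):
    """Return (sha256, family), or (sha256, None) when engines do not agree."""
    report = json.loads(report_json)
    votes = Counter()
    for scan in report.get("scans", {}).values():
        if scan.get("detected") and scan.get("result"):
            votes.update(tokens(scan["result"]))  # one vote per engine per token
    ranked = votes.most_common(2)
    if not ranked or ranked[0][1] < min_votes:
        return report.get("sha256"), None  # too few engines agree
    if len(ranked) == 2 and ranked[0][1] == ranked[1][1]:
        return report.get("sha256"), None  # tie: no plurality
    return report.get("sha256"), ranked[0][0]


if __name__ == "__main__":
    print(label_report(SAMPLE_REPORT))
```

Because each engine contributes at most one vote per token and undetected engines are skipped, the vote works with whatever set of engines a given report happens to contain.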
Features
AVCLASS++ is developed to free you from worrying about which families your malware samples belong to. The salient features of AVCLASS++ are as follows:
- Automatic. AVCLASS++ removes manual analysis limitations on the size of the input dataset.
- Vendor-agnostic. AVCLASS++ operates on the labels of any available set of AV engines, which can vary from sample to sample.
- Cross-platform. AVCLASS++ can be used for any platform supported by AV engines, e.g., Windows or Android malware.
- Does not require executables. AV labels can be obtained from online services like VirusTotal using a sample’s hash, even when the executable is not available. Yet AVCLASS++ also has the potential to improve label accuracy if an executable is available.
- Quantified accuracy. The original AVCLASS was evaluated [1] on five publicly available malware datasets with ground truth. AVCLASS++ is further tuned to perform under adverse conditions.
- Open-source. We are happy to release AVCLASS++ to the community. Prithee, use it for the further development of prompt security operation and reproducible security research!
Install && Use
Copyright (c) 2016 MaliciaLab @ IMDEA Software Institute
The post [Blackhat Europe tool] avclassplusplus: Massive Malware Labeling Tool appeared first on Penetration Testing.