From Mole Hills to Mountains: Revealing Rich Header and Malware Triage

Posted in Presentations

The obfuscation techniques used by malware authors make triage a monumentally challenging task. This presentation shows how to overcome this by extracting hidden PE32 fields and then performing rapid, near real-time triage across millions of samples. Furthermore, the method reveals when malware has been built under different build environments, pointing to potentially distinct actors.
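As an added illustration of the hidden-field extraction the abstract refers to (this is not code from the talk or its authors): a parser that decodes the Rich header from a PE file's DOS stub, returning the (product id, build number, count) triples that fingerprint the build environment plus an MD5 over the decoded bytes usable as a triage key. The sample blob, key and entry values are constructed here for the demonstration.

```python
import hashlib
import struct

DANS = b"DanS"
RICH = b"Rich"

def parse_rich_header(data: bytes):
    """Decode a PE file's Rich header. Returns (entries, rich_md5) with entries as
    (prod_id, build, count) triples, or None when no well-formed header exists.
    The MD5 covers the decoded DanS..pre-Rich bytes, a common triage key."""
    if len(data) < 0x40:
        return None
    stub = data[:struct.unpack_from("<I", data, 0x3C)[0]]  # DOS stub up to e_lfanew
    rich_off = stub.rfind(RICH)
    if rich_off < 0 or rich_off + 8 > len(stub):
        return None
    key = stub[rich_off + 4:rich_off + 8]                   # XOR key follows "Rich"
    decoded = []
    pos = rich_off - 4
    while pos >= 0:                                         # walk back to "DanS"
        dword = bytes(b ^ k for b, k in zip(stub[pos:pos + 4], key))
        decoded.insert(0, dword)
        if dword == DANS:
            break
        pos -= 4
    else:
        return None                                         # wrong key or no header
    body = decoded[4:]                                      # skip DanS + 3 padding DWORDs
    if len(body) % 2:
        return None
    entries = []
    for i in range(0, len(body), 2):
        id_build, count = struct.unpack("<II", body[i] + body[i + 1])
        entries.append((id_build >> 16, id_build & 0xFFFF, count))
    return entries, hashlib.md5(b"".join(decoded)).hexdigest()

def build_sample(entries, key: bytes) -> bytes:
    """Constructed minimal PE-like blob carrying a Rich header (test data only)."""
    plain = DANS + b"\0" * 12
    for prod_id, build, count in entries:
        plain += struct.pack("<II", (prod_id << 16) | build, count)
    enc = bytes(b ^ key[i % 4] for i, b in enumerate(plain))
    body = enc + RICH + key + b"\0" * 8
    e_lfanew = 0x40 + len(body)
    return b"MZ" + b"\0" * 0x3A + struct.pack("<I", e_lfanew) + body + b"PE\0\0"

# Constructed sample values; product ids and build numbers are illustrative only.
SAMPLE_ENTRIES = [(0x0093, 0x5E1B, 3), (0x0104, 0x7809, 12), (0x0000, 0x0000, 1)]
SAMPLE_KEY = bytes.fromhex("1a2b3c4d")
```

Running `parse_rich_header(build_sample(SAMPLE_ENTRIES, SAMPLE_KEY))` recovers the three triples; comparing the returned MD5 across a corpus groups samples that share a toolchain fingerprint.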
Speakers:

- Zachary Hanif, Head of Security Machine Learning, Capital One
- George Webster, Ph.D. Candidate, Technical University Munich

