The Genetic Summary section summarizes the elements the file has reused from previously seen software: code, strings, and capabilities.
Malware Family Code Genes
This section lists the code families (malicious, trusted, or library) whose genes were found in the analyzed file, for example WannaCry, Lazarus, Magic Hound, zlib, or Common.
Each line contains the following information:
- Malware family - The name of the family, linked to its page. There you can browse other samples classified to the same family, or click Track this family to be notified monthly of new samples spotted in the wild through code reuse.
- Percentage of shared genes - The percentage of the file's genes shared with this family. The percentages across all rows do not necessarily add up to 100%, because a gene shared by more than one family (for example by both WannaCry and Lazarus) is counted in every row it belongs to.
- Code genes - The number of code 'genes' extracted from the file and classified to this family. Clicking the number takes you to the Code Reuse section.
- Strings - The number of strings extracted from the file and classified to this family. Clicking the number takes you to the Strings Reuse section.
- Capabilities - The number of capabilities (static TTPs) extracted from the file and classified to this family. Clicking the number takes you to the Static TTPs section.
- Common Genes - Code 'genes' extracted from the file that appear in both trusted and malicious software, and therefore do not point to any one family on their own.
File Metadata
The File Metadata section shows additional information about the file, such as file type, size, product name, and company name.
In some cases this information is very revealing. For example, if a file declares its company as Microsoft but contains no code genes from Microsoft, it is likely evasive malware masquerading as a legitimate Microsoft program, and the field is highlighted in orange. Keep in mind that these fields come from the file's own version resource and can be set to anything by whoever built the binary; it is the mismatch between the claim and the code reuse evidence, not the claim itself, that matters.
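The two calculations behind the table above, as an added example that is not Intezer's code: per-family shared-gene percentages computed over genes that may belong to several families (so the rows sum to more than 100%), and the File Metadata check that flags a vendor claim not backed by that vendor's code genes. The gene IDs, family assignments, metadata values, and the vendor-to-family mapping are all constructed for illustration.

```python
# Added example (not Intezer's code): a toy model of the Genetic Summary table
# and the File Metadata sanity check. Gene IDs, family names, the metadata values
# and the company-to-family mapping below are constructed for illustration.
from collections import defaultdict

# Constructed sample: each extracted code gene mapped to the family or families
# it has been seen in before. A gene seen in several families is listed under
# all of them, which is why per-family percentages can add up to more than 100%.
SAMPLE_GENES = {
    "g01": {"WannaCry"},
    "g02": {"WannaCry", "Lazarus"},
    "g03": {"WannaCry", "Lazarus"},
    "g04": {"Lazarus"},
    "g05": {"zlib"},
    "g06": {"zlib"},
    "g07": {"Common"},
    "g08": {"Common"},
    "g09": {"Common"},
    "g10": {"Magic Hound"},
}

# Constructed File Metadata as it might appear for a PE file. The company claim
# comes from the file's own version resource, so it is attacker-controlled.
SAMPLE_METADATA = {
    "file_type": "PE32 executable",
    "size": 3514368,
    "product": "Windows Defender",
    "company": "Microsoft Corporation",
}

# Hypothetical mapping from a claimed vendor (matched case-insensitively as a
# substring of the company field) to the trusted code family whose genes a
# genuine binary from that vendor would be expected to contain.
VENDOR_FAMILIES = {
    "microsoft": "Microsoft",
}


def family_counts(genes):
    """Number of genes attributed to each family; a shared gene counts for each."""
    counts = defaultdict(int)
    for families in genes.values():
        for family in families:
            counts[family] += 1
    return dict(counts)


def family_percentages(genes):
    """Percentage of the file's genes shared with each family, one value per row."""
    total = len(genes)
    return {f: round(100.0 * c / total, 1) for f, c in family_counts(genes).items()}


def check_company_claim(metadata, genes, vendor_families=VENDOR_FAMILIES):
    """Flag a vendor claim in the metadata that no code gene from that vendor backs.

    Returns the claimed company, the trusted family that claim implies (if any),
    and 'highlight', which is True when the field should be shown in orange.
    """
    company = (metadata.get("company") or "").strip()
    expected = None
    for vendor, family in vendor_families.items():
        if vendor in company.lower():
            expected = family
            break
    families_seen = set().union(*genes.values())
    highlight = expected is not None and expected not in families_seen
    return {"company": company, "expected_family": expected, "highlight": highlight}


if __name__ == "__main__":
    counts = family_counts(SAMPLE_GENES)
    for family, pct in sorted(family_percentages(SAMPLE_GENES).items()):
        print(f"{family:<12} {pct:5.1f}%  ({counts[family]} genes)")
    print("sum of percentages:", sum(family_percentages(SAMPLE_GENES).values()))
    print("company claim:", check_company_claim(SAMPLE_METADATA, SAMPLE_GENES))
```

With the constructed sample, WannaCry, Lazarus and Common each account for 30% of the ten genes, zlib for 20% and Magic Hound for 10%, so the rows sum to 120% because g02 and g03 are counted under both WannaCry and Lazarus. The metadata check fires because the company field names Microsoft while no gene is attributed to a Microsoft family; adding a single Microsoft gene to the sample clears the flag.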