Scaling Up Malware Analysis with Gemini 1.5 Flash

Google Blog – Bernardo Quintero, Alex Berry, Ilfak Guilfanov, Vijay Bolina
Executive Summary:
– Gemini 1.5 Flash, a lightweight and cost-effective model, was tested for large-scale malware analysis.
– The model can process up to 1,000 requests and 4 million tokens per minute.
– 1,000 Windows executables and DLLs from VirusTotal were analyzed, with Gemini 1.5 Flash effectively resolving false positives, obfuscated code, and zero-detection malware.
– On average, each file was processed in 12.72 seconds, producing an accurate summary report.
Key Points:
1) Gemini 1.5 Flash showcased impressive speed, with the fastest processing time being 1.51 seconds and the slowest 59.60 seconds.
2) The model resolved false positives, correctly identifying flagged samples as legitimate software components and game launchers.
3) It analyzed obfuscated malware, extracting IOCs such as C2 server URLs, mutexes, registry keys, and suspicious file names.
4) Gemini 1.5 Flash detected a zero-hour keylogger that evaded all anti-virus engines on VirusTotal.
5) The malware analysis pipeline consists of unpacking (Mandiant Backscatter), decompilation (Hex-Rays Decompilers), and code analysis (Gemini 1.5 Flash).
6) The quality of the model's analysis is bounded by the quality of the unpacking and decompilation stages that feed it: if a sample is not unpacked or the decompiler output is poor, the model is summarising the wrong code.
7) Ongoing development focuses on improving language-specific structure recognition, meaningful naming, and providing richer contextual information to the model.
8) Code analysis reports will be integrated into VirusTotal's Code Insight section, and an advanced version of the pipeline will be available within Google Threat Intelligence's Private Scanning service.
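Points 3 and 6 above raise a practical question for anyone wiring an LLM into such a pipeline: how to check that the IOCs in a model-written report actually come from the decompiled code rather than being confabulated. The following is an added example, not code from the blog post or from VirusTotal: it extracts C2 URLs, mutex names and registry paths deterministically from a constructed Hex-Rays-style pseudocode snippet, cross-checks a constructed model report against them, and defangs URLs for a report. The sample, the report and the addresses (RFC 5737 documentation ranges) are all constructed; the ~4-characters-per-token heuristic is not used here and no model is called.

```python
"""Deterministic IOC extraction and cross-checking for LLM-written malware reports.

Added example; not from the Google/VirusTotal post. DECOMPILED and
MODEL_REPORT_IOCS are constructed inputs. The C2 hosts use RFC 5737
documentation ranges and are not real indicators.
"""
import re
from typing import Dict, List, Set
from urllib.parse import urlsplit, urlunsplit

# Constructed decompiler output, modelled on Hex-Rays C-like pseudocode.
# Note the doubled backslashes: that is how a C string literal prints.
DECOMPILED = r'''
int __cdecl sub_401000()
{
  HANDLE hMutex = CreateMutexA(0, 1, "Global\\kl_7f3a_lock");
  if ( GetLastError() == 183 )
    return 0;
  RegCreateKeyExA(HKEY_CURRENT_USER, "Software\\Microsoft\\Windows\\CurrentVersion\\Run", 0, 0, 0, 0xF003Fu, 0, &hKey, 0);
  RegSetValueExA(hKey, "Updater", 0, 1u, lpData, 0x104u);
  v3 = InternetOpenUrlA(hInternet, "http://203.0.113.7/gate.php", 0, 0, 0x80000000, 0);
  SetWindowsHookExA(13, fn, hModule, 0);
  return 1;
}
'''

# Constructed model report. The second URL is deliberately NOT in the code,
# standing in for a hallucinated indicator the cross-check must catch.
MODEL_REPORT_IOCS: Dict[str, List[str]] = {
    "c2_urls": ["http://203.0.113.7/gate.php", "http://198.51.100.9/panel"],
    "mutexes": ["Global\\kl_7f3a_lock"],
    "registry_keys": ["HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run"],
}

_STRING_LIT = re.compile(r'"((?:[^"\\]|\\.)*)"')            # C string literal body
_MUTEX_CALL = re.compile(r'CreateMutex(?:Ex)?[AW]?\s*\(([^;]*?)\)')
_URL = re.compile(r'^(?:https?|ftp)://', re.I)
_REG_PATH = re.compile(r'^(?:software|system|sam|security)\\', re.I)
_HIVE = re.compile(r'^(?:HKCU|HKLM|HKU|HKCR|HKEY_[A-Z_]+)\\', re.I)


def _unescape(lit: str) -> str:
    """Undo the two C escapes that matter for paths and names."""
    return lit.replace('\\\\', '\\').replace('\\"', '"')


def extract_iocs(code: str) -> Dict[str, Set[str]]:
    """Pull URLs, registry paths and mutex names straight out of the pseudocode."""
    iocs: Dict[str, Set[str]] = {"c2_urls": set(), "mutexes": set(), "registry_keys": set()}
    for lit in _STRING_LIT.findall(code):
        s = _unescape(lit)
        if _URL.match(s):
            iocs["c2_urls"].add(s)
        elif _REG_PATH.match(s):
            iocs["registry_keys"].add(s)
    # Mutex names are only meaningful as the name argument of CreateMutex*.
    for args in _MUTEX_CALL.findall(code):
        m = _STRING_LIT.search(args)
        if m:
            iocs["mutexes"].add(_unescape(m.group(1)))
    return iocs


def _strip_hive(s: str) -> str:
    """Normalise 'HKCU\\Software\\...' to 'Software\\...' so it matches the literal."""
    return _HIVE.sub('', s)


def cross_check(claimed: Dict[str, List[str]], code: str) -> Dict[str, List[str]]:
    """Return every claimed IOC that has no supporting literal in the decompiled code."""
    found = extract_iocs(code)
    unsupported: Dict[str, List[str]] = {}
    for kind, values in claimed.items():
        known = {_strip_hive(v) for v in found.get(kind, set())}
        bad = [v for v in values if _strip_hive(v) not in known]
        if bad:
            unsupported[kind] = bad
    return unsupported


def defang(url: str) -> str:
    """Make a URL non-clickable for a report: hxxp scheme, bracketed dots in the host."""
    p = urlsplit(url)
    scheme = p.scheme.lower().replace('http', 'hxxp')
    return urlunsplit((scheme, p.netloc.replace('.', '[.]'), p.path, p.query, p.fragment))


if __name__ == "__main__":
    for kind, values in sorted(extract_iocs(DECOMPILED).items()):
        print(kind, sorted(defang(v) if kind == "c2_urls" else v for v in values))
    print("unsupported claims:", cross_check(MODEL_REPORT_IOCS, DECOMPILED))
```

The point of cross_check is the caveat from point 6: the model only sees what the decompiler gives it, so any indicator in its report that cannot be tied back to a string in that input should be treated as unverified rather than published. In the constructed run, the hallucinated panel URL is the only item flagged.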
In summary, Gemini 1.5 Flash demonstrated rapid, large-scale malware analysis across a range of binaries, providing useful insight into their functionality and potential threat.
Integrating this AI-driven analysis into VirusTotal and Google Threat Intelligence is a significant step forward for automated triage.
Link: https://cloud.google.com/blog/topics/threat-intelligence/scaling-up-malware-analysis-with-gemini