Security researcher Karthik of Adobe's PSIRT team has released an open source malware analyzer tool that will "perform quick, easy classification of binaries for malware analysis".
The Python-based tool, dubbed the "Adobe Malware Classifier", is being made available for download and is intended for "first responders" including "malware analysts, IT admins and security researchers of any stripe," according to the Adobe blog.
"Malware Classifier uses machine learning algorithms to classify Win32 binaries – EXEs and DLLs – into three classes: 0 for 'clean,' 1 for 'malicious,' or 'UNKNOWN.' The tool extracts seven key features from a binary, feeds them to one or all of the four classifiers, and presents its classification results," Karthik writes.
"The tool was developed using models resultant from running the J48, J48 Graft, PART, and Ridor machine-learning algorithms on a data set of approximately 100,000 malicious programs and 16,000 clean programs," Karthik continued.
The researcher discussed the development of the tool at the Infosec Southwest 2012 conference in Austin, TX, on April 1.
The Malware Classifier tool is available for download free of charge at Open @ Adobe.