Gemini 1.5 Pro For Malware Analysis to Detect Zero-day Malware

Google has described using Gemini 1.5 Pro, a large language model with a context window of up to 1 million tokens, for automated malware analysis. Being able to hand the model the full decompiled output of a binary in one prompt is a significant step forward for scaling reverse engineering against a constantly evolving threat landscape.

In one case, Gemini 1.5 Pro flagged a zero-day threat that no anti-virus engine or sandbox on VirusTotal had detected. The model was given the sample's decompiled code, returned a malicious verdict, and described the suspicious functionality it found: stealing cryptocurrency and evading detection.

“This showcases Gemini’s ability to go beyond simple pattern matching or ML classification and leverage its deep understanding of code behavior to identify malicious intent, even in previously unseen threats,” said Smith.

Historically, malware analysis has relied heavily on static and dynamic analysis. Static analysis examines the sample without executing it (strings, imports, disassembly, decompiled code) and gives insight into its structure and logic.

Dynamic analysis runs the sample in a controlled environment, such as a sandbox, and observes its behavior: file, registry and network activity, process injection, and so on. Both methods are foundational, but they struggle with the growing complexity and volume of malware, and both still require extensive manual effort and expertise to turn raw output into a verdict.

In parallel, machine-learning classifiers trained on features extracted from samples have been used to improve detection, though they generalize poorly to behaviors that were absent from their training data.


Gemini 1.5 Pro is positioned as a way around these limitations. It uses a generative model to automate and scale malware analysis, particularly the reverse-engineering step of reading decompiled code and explaining what it does.

Because a single prompt can hold up to 1 million tokens, the decompiled output of an entire binary can be submitted at once rather than function by function, which lets the model reason about a complex sample as a whole instead of in isolated fragments.

“By analyzing the entire code at once, Gemini 1.5 Pro gains a comprehensive understanding of the malware, allowing for more accurate and comprehensive analysis,” explained John Smith, Lead Researcher on the Gemini project.

Analysis of WannaCry binaries demonstrated this capability: the model correctly identified the sample's ransomware characteristics and the attack vectors it relies on.

Its results on an unknown sample further illustrate the potential to detect and explain never-before-seen threats, which is the critical advantage for proactive defense.

Let’s explore a practical case study to examine how Gemini 1.5 Pro performs in analyzing decompiled code with a representative malware sample.

Google ran two WannaCry binaries through the Hex-Rays decompiler automatically, adding no annotations or other context to the output.

This produced two C source files, one 268 KB and the other 231 KB, which together amount to more than 280,000 tokens, well within the model's 1 million-token window.

The real test of any malware analysis tool is whether it can identify novel threats that slip past existing defenses and so provide protection against zero-day attacks.

That was the case with the executable "medui.exe," which went undetected by every antivirus engine and sandbox on VirusTotal at the time it was analyzed.

Gemini 1.5 Pro processed the 833 KB of decompiled code, amounting to 189,080 tokens, in 27 seconds and produced a full malware analysis report in a single pass.

The report pinpointed several suspicious features, on the basis of which the model classified the file as malicious.

According to the analysis, the malware's main purpose was to steal cryptocurrency by manipulating Bitcoin transactions, while disabling security software to avoid detection.
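The workflow described above is decompile, check the output against the context budget, then let the model reason over the code. The following Python is an added illustration of the preprocessing side of that pipeline and is not Google's code: it splits Hex-Rays style pseudo-C on the decompiler's per-function separator lines, estimates the token count with a rough 4-characters-per-token heuristic (an assumption, not the Gemini tokenizer), packs functions into chunks that fit a budget, and runs a cheap indicator triage for the two behaviors the article attributes to medui.exe: hardcoded Bitcoin addresses and tampering with security software. The sample decompiled code is constructed for the example. Note that the regex triage only sees plaintext strings; an encoded or obfuscated address would not match, which is exactly the kind of case that needs either string decoding in preprocessing or the model's reading of the decoding routine.

```python
import math
import re
from dataclasses import dataclass

# Assumption: ~4 characters per token for C-like text. Replace with the real
# tokenizer's count when submitting to a specific model.
CHARS_PER_TOKEN = 4
CONTEXT_BUDGET_TOKENS = 1_000_000  # the 1M-token window quoted in the article

# Hex-Rays separates functions with lines like:
# //----- (00401000) --------------------------------------------------------
FUNC_SEP_RE = re.compile(r'^//-{5,} \(([0-9A-Fa-f]+)\) -+\s*$', re.MULTILINE)

# Legacy base58 (P2PKH/P2SH) and bech32 Bitcoin address forms.
BTC_ADDRESS_RE = re.compile(
    r'\b(?:[13][a-km-zA-HJ-NP-Z1-9]{25,34}|bc1[a-z0-9]{39,59})\b')
# Strings commonly tied to disabling or killing security software (heuristic list).
SECURITY_TAMPER_RE = re.compile(
    r'DisableAntiSpyware|DisableRealtimeMonitoring|Windows Defender|'
    r'taskkill|ControlService|OpenSCManager|netsh\s+advfirewall', re.IGNORECASE)


@dataclass
class DecompiledFunction:
    address: str   # hex address from the separator line
    body: str      # pseudo-C for that function


def estimate_tokens(text: str) -> int:
    """Rough token estimate; at least 1 for non-empty text."""
    return max(1, math.ceil(len(text) / CHARS_PER_TOKEN)) if text else 0


def split_functions(c_source: str) -> list[DecompiledFunction]:
    """Split decompiler output into functions using the separator lines."""
    parts = FUNC_SEP_RE.split(c_source)  # [preamble, addr1, body1, addr2, body2, ...]
    return [DecompiledFunction(parts[i], parts[i + 1].strip())
            for i in range(1, len(parts) - 1, 2)]


def chunk_for_context(funcs: list[DecompiledFunction],
                      budget_tokens: int = CONTEXT_BUDGET_TOKENS) -> list[list[DecompiledFunction]]:
    """Pack whole functions into chunks that fit the budget, never splitting a
    function. A single function larger than the budget gets its own chunk; the
    caller should check that case separately."""
    chunks, current, used = [], [], 0
    for f in funcs:
        t = estimate_tokens(f.body)
        if current and used + t > budget_tokens:
            chunks.append(current)
            current, used = [], 0
        current.append(f)
        used += t
    if current:
        chunks.append(current)
    return chunks


def triage(funcs: list[DecompiledFunction]) -> list[dict]:
    """Cheap per-function indicator scan to run before (or alongside) the LLM."""
    findings = []
    for f in funcs:
        addrs = BTC_ADDRESS_RE.findall(f.body)
        tamper = SECURITY_TAMPER_RE.findall(f.body)
        if addrs or tamper:
            findings.append({'function': f.address,
                             'btc_addresses': addrs,
                             'security_tamper': tamper})
    return findings


def analyze(c_source: str, budget_tokens: int = CONTEXT_BUDGET_TOKENS) -> dict:
    funcs = split_functions(c_source)
    total = sum(estimate_tokens(f.body) for f in funcs)
    return {'functions': len(funcs),
            'estimated_tokens': total,
            'fits_single_pass': total <= budget_tokens,
            'chunks': len(chunk_for_context(funcs, budget_tokens)),
            'findings': triage(funcs)}


# Constructed sample modelled on Hex-Rays pseudo-C; not real medui.exe output.
SAMPLE_DECOMPILED = r'''
// constructed sample, not real decompiler output

//----- (00401000) --------------------------------------------------------
int __cdecl sub_401000(int a1)
{
  return a1 + 1;
}

//----- (00401020) --------------------------------------------------------
void __cdecl sub_401020(char *Dest)
{
  strcpy(Dest, "1BvBMSEYstWetqTFn5Au4m4GFg7xJaNVN2");
}

//----- (00401040) --------------------------------------------------------
LSTATUS __cdecl sub_401040(HKEY hKey)
{
  DWORD Data = 1;
  return RegSetValueExA(hKey, "DisableRealtimeMonitoring", 0, 4u, (const BYTE *)&Data, 4u);
}
'''

if __name__ == '__main__':
    print(analyze(SAMPLE_DECOMPILED))
```

Run as a script it prints the summary for the constructed sample; in practice you would point `analyze()` at the `.c` file written by the decompiler and, if `fits_single_pass` is false, submit the chunks from `chunk_for_context()` one at a time.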

This case illustrates the claim that the model identifies malicious behavior from the code itself rather than from signatures or a trained classifier, which is what makes it useful against threats that have no prior detections.

The approach has limits. Obfuscation (packing, encrypted strings, control-flow flattening) degrades the decompiled code the model reasons over; growing binary sizes push against even a 1 million-token window; and attack techniques keep changing.

Keeping automated analysis effective will therefore require both better models and better preprocessing, such as unpacking and string decoding before decompilation, so that the code handed to the model actually reflects the sample's behavior.

Gemini 1.5 Pro nonetheless represents a significant milestone, offering a scalable, automated complement to the static, dynamic and classifier-based techniques analysts already rely on.
