Abstract: In one embodiment, a malware analysis method includes receiving a file on a virtual machine (VM). The VM includes, a web debugging proxy, a system resource monitor, and a file analysis tool. The method also includes performing, with the file analysis tool, a static analysis on the file. The static analysis includes determining a set of file properties of the file, and storing the determined file properties in a repository. The method further includes performing, with the web debugging proxy and the system resource monitor, a dynamic analysis on the file, the dynamic analysis. The dynamic analysis includes running the file on the VM, determining, with the web debugging proxy, web traffic of the virtual machine, determining, with the system resource monitor, executed commands and modifications to system resources of the VM originating from the file, and storing the determined traffic and executed commands in the repository.

Abstract: In one embodiment, a malware analysis method includes receiving a file on a virtual machine (VM). The VM includes, a web debugging proxy, a system resource monitor, and a file analysis tool. The method also includes performing, with the file analysis tool, a static analysis on the file. The static analysis includes determining a set of file properties of the file, and storing the determined file properties in a repository. The method further includes performing, with the web debugging proxy and the system resource monitor, a dynamic analysis on the file, the dynamic analysis. The dynamic analysis includes running the file on the VM, determining, with the web debugging proxy, web traffic of the virtual machine, determining, with the system resource monitor, executed commands and modifications to system resources of the VM originating from the file, and storing the determined traffic and executed commands in the repository.

Abstract: Embodiments herein relate to identifying, by an electronic device based on a signature that identifies a file, a first parameter of the file. The electronic device can further identify, based on a behavior of the file that is to occur if the file is executed, a second parameter of the file. The electronic device can further identify a first value based on the first parameter and a second value based on the second parameter. The electronic device can further identify, based on the first value and the second value, a probability that the file is malware. The electronic device can further output an indication of the probability. Other embodiments may be described or claimed.

Abstract: A method of enabling enhanced security analysis for quarantined email messages, comprises receiving, at an email gateway an inbound email message from an external network, determining whether the email message is to be quarantined, restructuring the email message, if the message is to be quarantined, as an attachment for a new email, constructing a new email message addressed to a secure repository on a secure pathway, attaching the restructured email message to the new email message and releasing the new email message that includes the restructured email message as an attachment. Threat analysis is performed by one or more security services in the secure pathway. Suspicious emails and analysis results are stored in the secure repository.

Abstract: A method of enabling enhanced security analysis for quarantined email messages, comprises receiving, at an email gateway an inbound email message from an external network, determining whether the email message is to be quarantined, restructuring the email message, if the message is to be quarantined, as an attachment for a new email, constructing a new email message addressed to a secure repository on a secure pathway, attaching the restructured email message to the new email message and releasing the new email message that includes the restructured email message as an attachment. Threat analysis is performed by one or more security services in the secure pathway. Suspicious emails and analysis results are stored in the secure repository.