Abstract: Embodiments of the invention provide a method for disassembling firmware. A binary firmware image is received. If portions of the image are compressed, those portions are uncompressed. The binary firmware image is divided using a sliding window into a plurality of segments. Segments of the plurality of segments are classified as file types. Code file types are identified among the classified segments of the plurality of segments. Code architectures of the identified code file types of the classified plurality of segments are then classified. At least the classified code file types of the binary firmware image are disassembled based on the classified code architecture. The disassembled binary firmware image is evaluated for malware.

Abstract: A method, apparatus and program product are provided to recognize malware in a computing environment having at least one computer. A sample is received. An automatic determination is made by the at least one computer to determine if the sample is malware using static analysis methods. If the static analysis methods determine the sample is malware, dynamic analysis methods are used by the at least one computer to automatically determine if the sample is malware. If the dynamic analysis methods determine the sample is malware, the sample is presented to a malware analyst to adjudicate the automatic determinations of the static and dynamic analysis. If the adjudication determines the sample is malware, a response action is initiated to recover from or mitigate a threat of the sample.

Abstract: A method, apparatus and program product are provided to recognize malware in a computing environment having at least one computer. A sample is received. An automatic determination is made by the at least one computer to determine if the sample is malware using static analysis methods. If the static analysis methods determine the sample is malware, dynamic analysis methods are used by the at least one computer to automatically determine if the sample is malware. If the dynamic analysis methods determine the sample is malware, the sample is presented to a malware analyst to adjudicate the automatic determinations of the static and dynamic analyses. If the adjudication determines the sample is malware, a response action is initiated to recover from or mitigate a threat of the sample.