What does the Deep Discovery Analyzer use to evaluate potentially malicious samples?

Get ready for the Trend Micro Deep Security Certification with our comprehensive test. Study with detailed questions, hints, and explanations to ace your exam!

The Deep Discovery Analyzer evaluates potentially malicious samples with two complementary stages: static analysis and behavior simulation (sandbox detonation). Static analysis examines a file's characteristics, such as its format, code structure, embedded strings and imported functions, without executing it. It matches the sample against known malware signatures and flags suspicious attributes that are visible in the file itself, for example packing, obfuscation, or API imports typical of injection and downloading.

Behavior simulation, on the other hand, executes the sample in a controlled, instrumented environment and records what it does: which processes it starts or injects into, which files and registry keys it touches, which hosts it contacts, and any exploitation attempts. The two methods complement each other. Static analysis is fast and can immediately clear known-good samples or flag suspicious ones, while behavior simulation shows what the sample actually does when run, which is the only way to judge code that static inspection cannot fully decode.

Using only one of these methods leaves gaps. Static analysis alone misses zero-day exploits and repacked or modified malware whose signatures are not yet known. Behavior simulation alone is slower, since every sample has to be detonated, and it can be evaded by malware that checks for a sandbox, waits for a timer or user interaction, or requires a specific environment before it acts; a sample that stays dormant during simulation should therefore not be treated as clean when its static attributes are suspicious. Leveraging both techniques gives a more robust and accurate assessment of potential threats.
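The two-stage evaluation described above, written out as a small Python triage pipeline. This is an added illustration, not Trend Micro code, and it does not use Deep Discovery Analyzer's real engines or report formats: the hash lists, the suspicious-import list, the event categories and both samples are constructed for the example, and the sandbox stage consumes hand-written "category: detail" event lines standing in for what a real sandbox would record.

```python
import hashlib
import math
import re
from collections import Counter
from dataclasses import dataclass, field

# Constructed reputation lists; they contain no real indicators.
BENIGN_SAMPLE = b"MZ" + b"\x00" * 62 + b"PE\x00\x00" + b"hello world, nothing to see here\x00" * 4
KNOWN_GOOD = {hashlib.sha256(BENIGN_SAMPLE).hexdigest()}
KNOWN_BAD: set[str] = set()

# API names often seen in injection/download code; their presence is a hint, not a verdict.
SUSPICIOUS_IMPORTS = {"VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread", "URLDownloadToFileA"}
STRING_RE = re.compile(rb"[\x20-\x7e]{5,}")
IOC_RE = re.compile(rb"https?://[\w./-]+|\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Behaviours only a sandbox run can reveal (constructed category/needle pairs).
SUSPICIOUS_EVENTS = (
    ("network", "connect"),
    ("process", "inject"),
    ("registry", r"CurrentVersion\Run"),
)


@dataclass
class StaticReport:
    sha256: str
    verdict: str                      # "benign", "malicious" or "unknown"
    entropy: float
    indicators: list[str] = field(default_factory=list)
    iocs: list[str] = field(default_factory=list)


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; 8.0 is uniformly random, which packed or encrypted payloads approach."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def static_analysis(sample: bytes) -> StaticReport:
    """Inspect the file without running it: reputation lookup, structure, entropy, strings."""
    digest = hashlib.sha256(sample).hexdigest()
    entropy = shannon_entropy(sample)
    if digest in KNOWN_GOOD:
        return StaticReport(digest, "benign", entropy)
    if digest in KNOWN_BAD:
        return StaticReport(digest, "malicious", entropy, ["known-bad hash"])
    indicators: list[str] = []
    if not sample.startswith(b"MZ"):
        indicators.append("no MZ header")
    if entropy > 7.0:
        indicators.append(f"high entropy {entropy:.2f} (possible packing)")
    strings = {s.decode("ascii") for s in STRING_RE.findall(sample)}
    indicators += [f"imports {name}" for name in sorted(SUSPICIOUS_IMPORTS & strings)]
    iocs = [m.decode("ascii") for m in IOC_RE.findall(sample)]
    return StaticReport(digest, "unknown", entropy, indicators, iocs)


def behavior_analysis(events: list[str]) -> tuple[str, list[str]]:
    """Score a sandbox event log of constructed 'category: detail' lines."""
    if not events:
        return "no-activity", []
    flagged = [e for e in events
               for cat, needle in SUSPICIOUS_EVENTS
               if e.startswith(cat + ":") and needle in e]
    if len(flagged) >= 2:
        return "malicious", flagged
    return ("suspicious" if flagged else "benign"), flagged


def evaluate(sample: bytes, sandbox_events: list[str]) -> dict:
    """Static triage first; behaviour simulation only for what static analysis cannot settle."""
    static = static_analysis(sample)
    if static.verdict != "unknown":
        return {"verdict": static.verdict, "static": static, "behavior": None, "flagged": []}
    b_verdict, flagged = behavior_analysis(sandbox_events)
    final = b_verdict
    if b_verdict in ("benign", "no-activity") and static.indicators:
        # Dormant or quiet in the sandbox but statically suspicious: possible evasion, not clean.
        final = "suspicious"
    return {"verdict": final, "static": static, "behavior": b_verdict, "flagged": flagged}


# Constructed dropper-like sample: PE-style header, injection imports, a download URL and a
# deterministic uniform byte block standing in for a packed section. Not real malware.
DROPPER_SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 60 + b"PE\x00\x00"
    + b"VirtualAllocEx\x00WriteProcessMemory\x00CreateRemoteThread\x00"
    + b"http://203.0.113.5/payload.bin\x00"
    + bytes(range(256)) * 4
)
DROPPER_EVENTS = [
    "process: inject into explorer.exe",
    "network: connect 203.0.113.5:80",
    r"registry: set HKCU\Software\Microsoft\Windows\CurrentVersion\Run\updater",
]

if __name__ == "__main__":
    for label, sample, events in [("benign", BENIGN_SAMPLE, []),
                                  ("dropper", DROPPER_SAMPLE, DROPPER_EVENTS),
                                  ("dropper, dormant in sandbox", DROPPER_SAMPLE, [])]:
        r = evaluate(sample, events)
        print(f"{label}: {r['verdict']} static={r['static'].indicators} behavior={r['flagged']}")
```

The known-good sample is cleared by the static stage alone and never reaches the sandbox, the dropper is condemned by its recorded behaviour, and the same dropper with an empty event log (the dormant case) stays "suspicious" rather than being cleared, because its static indicators survive. A production analyzer would also detonate known-bad samples to harvest IOCs; skipping them here keeps the example focused on the decision logic.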
