GLIMPS Malware

Detection and characterization of new threats, even on your industrial systems

Our Malware analysis tool is based on a code detection technology, independent of the compilation options, the toolchain used and even the architecture (x86, ARM, PPC, MIPS…)! Thanks to that, we are able to detect unknown threats on non-standard systems (IoTs, cameras, PLCs…) because they have common code with known sources in a more classical environment.

Because our technology is also designed to detect the code of a binary in multiple forms, it can detect a threat that specifically targets your business.

Use case examples :  

Security solution on your email or web proxy

Assist SOC analysts

Threat Intel

Centralized files analysis platform

Saving time at each step of the process

The table below summarizes the added value of GLIMPS-Malware at the different stages of malware detection and analysis.

How it works

Correlation by code conceptualalization

By conceptualizing the compiled code, we can go back to a level of abstraction similar to the level of the source code, ignoring the modifications induced by the compilation, the target architecture, etc… We can therefore find the Intellectual Property presence of an attacker group in a file, which allows us to immediately detect and characterize the threat.

In the figure above, an attacker group, “APT 42”, possesses a “private” code. Once used in several malware and campaigns, it is very difficult to trace back to this common code. Thanks to our technology, we transform the different malwares exploited by this group into “Concept Code”, and since their own characteristics are independent of the toolschains and architectures used, we are able to identify the presence of common code between these two branches and to affirm that the attacker necessarily possesses a common source code used to produce them: the two subfamilies then necessarily come from the same entity! Of course, before, we have removed any concept code associated with public source code (runtimes, open-source codes…) that can be found in many malwares.

Paired with a high-performance orchestrator

GLIMPS-Malware is not just a technological brick! In order to be able to support the flows that you may be confronted with, we have integrated it in a powerful orchestrator, thanks to which we have already been able to analyze millions of files. The capacity of the scanning platform is totally adjustable to your needs, whether you want to scan 10 binaries per day or the millions of files on your Internet gateway. In addition, it also allows you to take advantage of numerous additional plugins: antivirus, extraction plugins and document analysis… Thanks to this, you immediately have a complete tool that provides a detailed and powerful report of the file analysis and has an automatic alert capacity that can be integrated into your SIEM solution.


Digital Square
1137A Avenue des Champs Blancs,
35510 Cesson-Sévigné