
Assemblyline services

Services currently installed on a system can be found under Help > Service Listing.

The following services are bundled with Assemblyline and maintained by the Assemblyline team:

| Service name | Speciality | Description |
|---|---|---|
| APIVector | Windows binaries | Extracts library imports from Windows PE files or memory dumps to generate an API-vector classification. |
| APKaye | Android APK | Decompiles and inspects APKs; reports network indicators and information found in the APK manifest. |
| AntiVirus | Anti-virus | Generic ICAP client that integrates with most enterprise anti-virus scanners. |
| Batchdeobfuscator | Deobfuscation | Deobfuscates batch files through variable resolution. |
| CAPA | Windows binaries | Integration of the open-source CAPA tool. |
| Characterize | Entropy analysis | Partitions the file and calculates the visual entropy of each partition; also extracts Exif metadata. |
| ConfigExtractor | IoC extraction | Extracts malware configuration, yielding C2 lists, encryption material, etc. |
| CAPE | Sandbox | Provides dynamic malware analysis through sandboxing. |
| DeobfuScripter | Deobfuscation | Static script de-obfuscator. The goal is not surgical de-obfuscation but the extraction of obfuscated IOCs. |
| ELF | Linux binaries | Extracts attributes (sections, segments, ...) from ELF files using LIEF. |
| ELFPARSER | Linux binaries | Integration of the open-source ELFParser tool. |
| EmlParser | Email | Parses emails with the GOVCERT-LU eml_parser library, extracting header information, attachments and URIs. |
| Espresso | Java | Extracts, decompiles and analyses all classes for malicious behaviour. |
| Extract | Compressed file | Extracts embedded files from file containers (ZIP, RAR, 7z, ...). |
| Floss | IoC extraction | Automatically extracts obfuscated strings from malware using the FireEye Labs Obfuscated String Solver. |
| FrankenStrings | IoC extraction | Performs file and IOC extraction using pattern matching, simple encoding decoders and script de-obfuscators. |
| Intezer | File genome identification | Interface to the Intezer Analyze API 2.0; submits the file for analysis if its hash is not already present in the Intezer database. |
| IPArse | Apple iOS | Analyses Apple iOS apps. |
| JsJaws | JavaScript | Analyses malicious JavaScript. |
| MetaPeek | Metadata analysis | Checks submission metadata for indicators of potentially malicious behaviour (double file extensions, ...). |
| Oletools | Office documents | Extracts metadata and network information and reports anomalies in Microsoft OLE and XML documents using Philippe Lagadec's py-oletools Python library. |
| Overpower | PowerShell | De-obfuscates PowerShell scripts. |
| PDFId | PDF | Extracts metadata from PDFs using Didier Stevens' PDFId and PDFParse. |
| PE | Windows binaries | Extracts attributes (imports, exports, sections, ...) from PE files using LIEF. |
| PeePDF | PDF | Uses the Python PeePDF library to extract information from PDFs, including JavaScript blocks, which it attempts to de-obfuscate where necessary for further analysis. |
| PixAxe | Images | Extracts text from images. |
| Safelist | Safelisting | Allows hash, IoC and signature safelisting, including support for downloading the NSRL. |
| Sigma | Event log signatures | Scans event logs (e.g. from a sandbox or a compromised host) using Sigma rules. |
| Suricata | Network signatures | Scans network captures (.pcap), whether submitted directly or extracted during analysis, with Suricata. |
| Swiffer | Adobe Shockwave | Extracts metadata and performs anomaly detection on Adobe Shockwave (.swf) files. |
| TagCheck | Tag signatures | Runs YARA signatures against Assemblyline tags (write your own signatures to hit on specific tags). |
| TorrentSlicer | Torrent files | Extracts information from torrent files. |
| Unpacker | UPX unpacker | Unpacks UPX-packed executables for further analysis. |
| Unpac.me | Unpacker | Integrates with the unpac.me unpacking service. |
| URLCreator | URL file creation | Creates URI files from URL tags that appear malicious. |
| URLDownloader | URL fetching | Fetches the URLs contained in URI files. |
| ViperMonkey | Office documents | Integration of ViperMonkey, a VBA emulation engine by https://linktr.ee/decalage. |
| VirusTotal | Anti-virus | Checks (and optionally submits) files and URLs to VirusTotal for analysis. |
| XLMMacroDeobfuscator | Office documents | Analyses Excel 4.0 (XLM) macros. |
| YARA | File signatures | Scans files with YARA signatures. |

End of life, no longer actively supported:

| Service name | Speciality | Description |
|---|---|---|
| Cuckoo | Sandbox | Provides dynamic malware analysis through sandboxing. |
| IntezerStatic | File genome identification | Interface to the Intezer Analyze API 2.0; performs hash lookups of the submitted file. |
| MetaDefender | Anti-virus | Service for OPSWAT MetaDefender multi-engine anti-virus. |
| PEFile | Windows binaries | Extracts attributes (imports, exports, section names, ...) from Windows PE files using the Python library pefile. |
| VirusTotalDynamic | Anti-virus | Checks VirusTotal and actively submits files for analysis. |
| VirusTotalStatic | Anti-virus | Checks VirusTotal for existing analyses of the submitted file. |