VirusTotal Endpoint Now Describes Malicious Code on Analyst Request
VirusTotal, a leading platform for malware analysis, has launched a new endpoint for its Code Insight platform. This innovative addition is designed to streamline reverse engineering workflows for malware analysts, providing them with instant insights without leaving their reverse engineering environment.
The new endpoint, named , accepts Base64-encoded code blocks and metadata. It pre-analyzes disassembled or decompiled code, offering a concise overview of the function's purpose and a detailed breakdown of control flow, API calls, string references, and potential obfuscation techniques.
One of the key features that differentiate Code Insight from standalone static analysis is its chaining capability. This feature allows the endpoint to "remember" and refine its insights based on user-provided feedback. As VirusTotal refines the service, analysts can expect broader format support, enhanced accuracy, and deeper contextual awareness.
The service builds a contextual model that learns as the analyst iterates, providing a more accurate and comprehensive analysis over time. Each plugin invocation sends the entire notebook history, enabling the endpoint to produce richer, more accurate analyses.
Early adopters have reported significant reductions in manual triage time, with Code Insight reducing repetitive tasks and accelerating threat discovery. The new endpoint marks a significant leap in integrating LLM-powered AI into traditional reverse engineering tools.
VirusTotal updated its VT-IDA Plugin to leverage the new endpoint within the IDA Pro interface. Analysts can approve or modify the summary and description, capturing corrections or additional context. Approved analyses populate a notebook that persists across sessions, ensuring institutional knowledge is retained.
The response from the security community has been overwhelmingly positive. Code Insight is praised for its ability to streamline reverse engineering workflows, provide instant insights, and reduce manual triage time. Early feedback suggests that the new endpoint will be a valuable addition to the toolkit of malware analysts worldwide.
The potential benefits of the new endpoint are clear, and it is expected to make a significant impact on the field of malware analysis.