{"id":5902,"date":"2023-10-04T07:27:42","date_gmt":"2023-10-04T07:27:42","guid":{"rendered":"\/cybersecurity-blog\/?p=5902"},"modified":"2023-10-04T09:58:54","modified_gmt":"2023-10-04T09:58:54","slug":"static-discovery-update","status":"publish","type":"post","link":"https:\/\/any.run\/cybersecurity-blog\/static-discovery-update\/","title":{"rendered":"We Redesigned Static Discovery: Introducing In-Depth Static Analysis for Various File Types\u00a0"},"content":{"rendered":"\n<p>Static Discovery isn&#8217;t new in <a href=\"https:\/\/any.run\/?utm_source=anyrunblog&amp;utm_medium=article_bottom&amp;utm_campaign=staticmodulesupdate&amp;utm_content=landing\" target=\"_blank\" rel=\"noreferrer noopener\">ANY.RUN<\/a>, but we&#8217;ve ramped up its capabilities for better static analysis across diverse file types.&nbsp;<\/p>\n\n\n\n<p>Static discovery is one of foundational elements in malware analysis, acting as an initial screening process that examines the binary or file. This step enables analysts to flag potential threats without actually executing the malicious code.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">ANY.RUN&#8217;s Static Discovery is now modular&nbsp;<\/h2>\n\n\n\n<p><strong>The architecture of Static Discovery has been updated to support modules<\/strong>. These are specialized extractors designed for different file types.&nbsp;<\/p>\n\n\n\n<p>This new setup lets us rapidly deploy new modules. As a result, Static Discovery can now easily handle a wider range of file types.&nbsp;<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"618\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/image-1-1024x618.png\" alt=\"\" class=\"wp-image-5904\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/image-1-1024x618.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/image-1-300x181.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/image-1-768x464.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/image-1-370x223.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/image-1-270x163.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/image-1-740x447.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/image-1.png 1042w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Preview of a file from a .ZIP archive, extracted by a module&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Modules we&#8217;re launching with&nbsp;<\/h2>\n\n\n\n<p>At launch, the supported modules include:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>PDF Module<\/strong>: Extracts headers, HEX values, images, and scripts from PDF files. Comes with an additional PDF tab for URLs and scripts, including JavaScript and Bash.&nbsp;<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"618\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/image-3-1024x618.png\" alt=\"\" class=\"wp-image-5905\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/image-3-1024x618.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/image-3-300x181.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/image-3-768x464.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/image-3-370x223.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/image-3-270x163.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/image-3-740x447.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/image-3.png 1045w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>LNK Module<\/strong>: Analyses LNK files, revealing commands and potential malicious scripts. LNK files are Windows shortcut files that can point to an executable or even connect to remote servers and download payloads. This module is crucial because these actions may not spawn a new process, thus evading detection in dynamic analysis. You can see how LNK module works in <a href=\"https:\/\/app.any.run\/tasks\/ccdf819e-be33-4ce5-b3b1-c3ec919badd5\/?utm_source=anyrunblog&amp;utm_medium=article_bottom&amp;utm_campaign=staticmodulesupdate&amp;utm_content=task\" target=\"_blank\" rel=\"noreferrer noopener\">this task<\/a>.&nbsp;<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"621\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/image-2-1024x621.png\" alt=\"\" class=\"wp-image-5907\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/image-2-1024x621.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/image-2-300x182.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/image-2-768x466.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/image-2-370x224.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/image-2-270x164.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/image-2-740x449.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/image-2.png 1041w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>MSG\/Email Files Module<\/strong>: Offers an email preview and lists metadata and IOCs. Spot spam and hidden malicious elements faster.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>OneNote Module<\/strong>: This module focuses on OneNote files, extracting images, headers, and embeded files. It aids in the initial analysis of infection vectors. In <a href=\"https:\/\/app.any.run\/tasks\/7a17eb0c-3abc-408a-ac52-32b51def1064\/?utm_source=anyrunblog&amp;utm_medium=article_bottom&amp;utm_campaign=staticmodulesupdate&amp;utm_content=task\" target=\"_blank\" rel=\"noreferrer noopener\">this task<\/a>, you can see how it allows us to preview the content of the .bat file and analyze it without executing the code.\u00a0<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"625\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/staticupdate-1024x625.png\" alt=\"\" class=\"wp-image-5919\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/staticupdate-1024x625.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/staticupdate-300x183.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/staticupdate-768x469.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/staticupdate-370x226.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/staticupdate-270x165.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/staticupdate-740x452.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/staticupdate.png 1042w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>ZIP Module<\/strong>: Unpacks various archive formats, such as RAR, ZIP, tar.gz, and .bz2. Complements the OLE module for Microsoft files.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Office module<\/strong>: Extracts components like macros, scripts, images, and payloads from Office docs to help you spot and analyze potentially malicious documents.&nbsp;&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>In the screenshot, there&#8217;s an archive containing an executable file attached to an Office document. This executable is identified as the NanoCore RAT. View it in ANY.RUN in <a href=\"https:\/\/app.any.run\/tasks\/104afca3-3e4d-48d5-ac81-389ee87435ae\/?utm_source=anyrunblog&amp;utm_medium=article_bottom&amp;utm_campaign=staticmodulesupdate&amp;utm_content=task\" target=\"_blank\" rel=\"noreferrer noopener\">this task<\/a>.&nbsp;<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"623\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/image-1024x623.png\" alt=\"\" class=\"wp-image-5903\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/image-1024x623.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/image-300x183.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/image-768x467.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/image-370x225.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/image-270x164.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/image-740x450.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/image.png 1045w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p><strong>Look forward to more modules coming to ANY.RUN<\/strong>. They&#8217;ll expand the variety of file types you can analyze with Static Discovery.&nbsp;<\/p>\n\n\n\n<!-- Regular Banner START -->\n<div class=\"regular-banner\">\n<!-- Text Content -->\n<p class=\"regular-banner__text\">\nStreamline your <span class=\"highlight\">static and dynamic<\/span> malware analysis with ANY.RUN sandbox&nbsp;\n<\/p>\n<!-- CTA Link -->\n<a class=\"regular-banner__link\" id=\"article-banner-regular\" href=\"https:\/\/app.any.run\/#register\" rel=\"noopener\" target=\"_blank\">\nSign up for free\u00a0\n<\/a>\n<\/div>\n<!-- Regular Banner END -->\n<!-- Regular Banner Styles START -->\n\n<style>\n.regular-banner {\ndisplay: flex;\ntext-align: center;\nflex-direction: column;\nalign-items: center;\ngap: 1.5rem;\nwidth: 100%;\npadding: 2rem;\nmargin: 1.5rem 0;\nborder-radius: 0.5rem;\nfont-family: 'Catamaran Bold';\nmargin-inline: auto;\nbackground: rgba(32, 168, 241, 0.1);\nborder: 1px solid rgba(75, 174, 227, 0.32);\n}\n\n.regular-banner__text {\nfont-size: 1.5rem;\nmargin: 0;\n}\n\n.highlight {\ncolor: #ea2526;\n}\n\n.regular-banner__link {\npadding: 0.5rem 1.5rem;\nfont-weight: 500;\ntext-decoration: none;\nborder-radius: 0.5rem;\ncolor: #FFFFFF;\nbackground-color: #1491D4;\ntext-align: center;\ntransition: all 0.2s ease-in;\n}\n\n.regular-banner__link:hover {\nbackground-color: #68CBFF;\ncolor: white;\n}\n<\/style>\n<!-- Regular Banner Styles END -->\n\n\n\n<h2 class=\"wp-block-heading\">How to get started with Static Discovery modules&nbsp;<\/h2>\n\n\n\n<p><strong>The platform auto-detects the file type and activates the relevant modules<\/strong>. In some cases, multiple modules may run simultaneously to extract more data.&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"628\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/treestatic-1024x628.png\" alt=\"\" class=\"wp-image-5913\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/treestatic-1024x628.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/treestatic-300x184.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/treestatic-768x471.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/treestatic-370x227.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/treestatic-270x166.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/treestatic-740x454.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/treestatic.png 1045w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\">The tree on the left shows that multiple modules are in action&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<p><strong>How to navigate module tabs based on their functions?<\/strong>&nbsp;<\/p>\n\n\n\n<p>Modules can have varied tabs tailored to their specific roles. Toggle between these tabs to dive into the data.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Main<\/strong>: Check and copy basic process info.<\/li>\n\n\n\n<li><strong>HEX<\/strong>: Browse or search for key details in both HEX and Text formats.&nbsp;<\/li>\n\n\n\n<li><strong>Preview<\/strong>: See the content preview (a document or PDF)&nbsp;&nbsp;<\/li>\n\n\n\n<li><strong>PE<\/strong>: Access in-depth data.&nbsp;<\/li>\n\n\n\n<li><strong>PDF<\/strong>: Examine PDF files for embedded elements&nbsp;<\/li>\n\n\n\n<li><strong>LNK<\/strong>: Analyze LNK files to reveal potential threats&nbsp;<\/li>\n<\/ul>\n\n\n\n<p><strong>How do I open the Static Discovering window?<\/strong>&nbsp;<\/p>\n\n\n\n<p>To access the Static Discovering window, you can click on:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Process name<\/strong>: Located in the main interface.&nbsp;<\/li>\n\n\n\n<li><strong>HTTP requests&#8217; content<\/strong>: Found in the network section.&nbsp;<\/li>\n\n\n\n<li><strong>Files modifications&#8217; content<\/strong>: Located in the files section.&nbsp;<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Nested Modules Help Extract Deeper Data<\/h2>\n\n\n\n<p>In <a href=\"https:\/\/app.any.run\/tasks\/c8bdc95a-0906-4529-acf5-2db4e7a8aded\/?utm_source=anyrunblog&amp;utm_medium=article_bottom&amp;utm_campaign=staticmodulesupdate&amp;utm_content=task\" target=\"_blank\" rel=\"noreferrer noopener\">this example<\/a>, we can see how multiple modules were chained together to extract a deeply nested file.&nbsp;<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"625\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/image-4-1024x625.png\" alt=\"\" class=\"wp-image-5908\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/image-4-1024x625.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/image-4-300x183.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/image-4-768x469.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/image-4-370x226.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/image-4-270x165.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/image-4-740x452.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2023\/10\/image-4.png 1038w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Modules enable you to examine both files in an archive and their nested components like macros, embedded images, and more. The preview shows a macro from an XLSB file that&#8217;s inside an archive, which itself is embedded in an OLE object within a PowerPoint file.&nbsp;<\/p>\n\n\n\n<p>To make it easier to view, you can adjust the tree scale using the zoom keys located at the bottom left of the Static Discovery window.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Wrapping up<\/h2>\n\n\n\n<p>We&#8217;re rolling out these upgrades to give you a more powerful, efficient tool for your malware analysis toolkit. Now you can deep-dive into a wider range of file types, extract richer data, and make quicker assessments \u2014 all without compromising on speed or usability. It&#8217;s static analysis, but supercharged, in true ANY.RUN fashion.&nbsp;<\/p>\n\n\n\n<p>Got thoughts on this update? Leave your feedback in the comments. We&#8217;re eager to hear from you.&nbsp;<\/p>\n\n\n\n<p><strong>About ANY.RUN<\/strong>&nbsp;<\/p>\n\n\n\n<p>ANY.RUN is a cloud malware sandbox that handles the heavy lifting of malware analysis for SOC and DFIR teams. Every day, 300,000 professionals use our platform to investigate incidents and streamline threat analysis.&nbsp;&nbsp;&nbsp;<\/p>\n\n\n\n<p>Request a demo today and enjoy 14 days of free access to our Enterprise plan.&nbsp;&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/any.run\/demo\/?utm_source=anyrunblog&amp;utm_medium=article_bottom&amp;utm_campaign=staticmodulesupdate&amp;utm_content=trial\" target=\"_blank\" rel=\"noreferrer noopener\">Request demo \u2192<\/a>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Static Discovery isn&#8217;t new in ANY.RUN, but we&#8217;ve ramped up its capabilities for better static analysis across diverse file types.&nbsp; Static discovery is one of foundational elements in malware analysis, acting as an initial screening process that examines the binary or file. This step enables analysts to flag potential threats without actually executing the malicious [&hellip;]<\/p>\n","protected":false},"author":6,"featured_media":5910,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9],"tags":[34,55,56],"class_list":["post-5902","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-service-updates","tag-malware-analysis","tag-release","tag-update"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.10 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>In-Depth Static Analysis for Various File Types<\/title>\n<meta name=\"description\" content=\"The ANY.RUN sandbox lets you conduct in-depth static analysis of files of different types, including PDF, RAR, ZIP, LNK, OneNote, and more.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/any.run\/cybersecurity-blog\/static-discovery-update\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Vlad Ananin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/static-discovery-update\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/static-discovery-update\/\"},\"author\":{\"name\":\"Vlad Ananin\",\"@id\":\"https:\/\/any.run\/\"},\"headline\":\"We Redesigned Static Discovery: Introducing In-Depth Static Analysis for Various File Types\u00a0\",\"datePublished\":\"2023-10-04T07:27:42+00:00\",\"dateModified\":\"2023-10-04T09:58:54+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/static-discovery-update\/\"},\"wordCount\":841,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/any.run\/\"},\"keywords\":[\"malware analysis\",\"release\",\"update\"],\"articleSection\":[\"Service Updates\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/any.run\/cybersecurity-blog\/static-discovery-update\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/static-discovery-update\/\",\"url\":\"https:\/\/any.run\/cybersecurity-blog\/static-discovery-update\/\",\"name\":\"In-Depth Static Analysis for Various File Types\",\"isPartOf\":{\"@id\":\"https:\/\/any.run\/\"},\"datePublished\":\"2023-10-04T07:27:42+00:00\",\"dateModified\":\"2023-10-04T09:58:54+00:00\",\"description\":\"The ANY.RUN sandbox lets you conduct in-depth static analysis of files of different types, including PDF, RAR, ZIP, LNK, OneNote, and more.\",\"breadcrumb\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/static-discovery-update\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/any.run\/cybersecurity-blog\/static-discovery-update\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/static-discovery-update\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/any.run\/cybersecurity-blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Service Updates\",\"item\":\"https:\/\/any.run\/cybersecurity-blog\/category\/service-updates\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"We Redesigned Static Discovery: Introducing In-Depth Static Analysis for Various File Types\u00a0\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN&#039;s Cybersecurity Blog\",\"description\":\"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.\",\"publisher\":{\"@id\":\"https:\/\/any.run\/\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/any.run\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN\",\"url\":\"https:\/\/any.run\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\"contentUrl\":\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\"width\":1,\"height\":1,\"caption\":\"ANY.RUN\"},\"image\":{\"@id\":\"https:\/\/any.run\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/www.any.run\/\",\"https:\/\/twitter.com\/anyrun_app\",\"https:\/\/www.linkedin.com\/company\/30692044\",\"https:\/\/www.youtube.com\/channel\/UCOgCPho7lzmH7m6fPNlukrQ\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/any.run\/\",\"name\":\"Vlad Ananin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/564ed55b05884a34062108096c0ed973?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/564ed55b05884a34062108096c0ed973?s=96&d=mm&r=g\",\"caption\":\"Vlad Ananin\"},\"url\":\"https:\/\/any.run\/cybersecurity-blog\/author\/vlad-ananin\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"In-Depth Static Analysis for Various File Types","description":"The ANY.RUN sandbox lets you conduct in-depth static analysis of files of different types, including PDF, RAR, ZIP, LNK, OneNote, and more.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/any.run\/cybersecurity-blog\/static-discovery-update\/","twitter_misc":{"Written by":"Vlad Ananin","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/any.run\/cybersecurity-blog\/static-discovery-update\/#article","isPartOf":{"@id":"https:\/\/any.run\/cybersecurity-blog\/static-discovery-update\/"},"author":{"name":"Vlad Ananin","@id":"https:\/\/any.run\/"},"headline":"We Redesigned Static Discovery: Introducing In-Depth Static Analysis for Various File Types\u00a0","datePublished":"2023-10-04T07:27:42+00:00","dateModified":"2023-10-04T09:58:54+00:00","mainEntityOfPage":{"@id":"https:\/\/any.run\/cybersecurity-blog\/static-discovery-update\/"},"wordCount":841,"commentCount":0,"publisher":{"@id":"https:\/\/any.run\/"},"keywords":["malware analysis","release","update"],"articleSection":["Service Updates"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/any.run\/cybersecurity-blog\/static-discovery-update\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/any.run\/cybersecurity-blog\/static-discovery-update\/","url":"https:\/\/any.run\/cybersecurity-blog\/static-discovery-update\/","name":"In-Depth Static Analysis for Various File Types","isPartOf":{"@id":"https:\/\/any.run\/"},"datePublished":"2023-10-04T07:27:42+00:00","dateModified":"2023-10-04T09:58:54+00:00","description":"The ANY.RUN sandbox lets you conduct in-depth static analysis of files of different types, including PDF, RAR, ZIP, LNK, OneNote, and more.","breadcrumb":{"@id":"https:\/\/any.run\/cybersecurity-blog\/static-discovery-update\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/any.run\/cybersecurity-blog\/static-discovery-update\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/any.run\/cybersecurity-blog\/static-discovery-update\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/any.run\/cybersecurity-blog\/"},{"@type":"ListItem","position":2,"name":"Service Updates","item":"https:\/\/any.run\/cybersecurity-blog\/category\/service-updates\/"},{"@type":"ListItem","position":3,"name":"We Redesigned Static Discovery: Introducing In-Depth Static Analysis for Various File Types\u00a0"}]},{"@type":"WebSite","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/","name":"ANY.RUN&#039;s Cybersecurity Blog","description":"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.","publisher":{"@id":"https:\/\/any.run\/"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/any.run\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/any.run\/","name":"ANY.RUN","url":"https:\/\/any.run\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg","contentUrl":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg","width":1,"height":1,"caption":"ANY.RUN"},"image":{"@id":"https:\/\/any.run\/"},"sameAs":["https:\/\/www.facebook.com\/www.any.run\/","https:\/\/twitter.com\/anyrun_app","https:\/\/www.linkedin.com\/company\/30692044","https:\/\/www.youtube.com\/channel\/UCOgCPho7lzmH7m6fPNlukrQ"]},{"@type":"Person","@id":"https:\/\/any.run\/","name":"Vlad Ananin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/any.run\/","url":"https:\/\/secure.gravatar.com\/avatar\/564ed55b05884a34062108096c0ed973?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/564ed55b05884a34062108096c0ed973?s=96&d=mm&r=g","caption":"Vlad Ananin"},"url":"https:\/\/any.run\/cybersecurity-blog\/author\/vlad-ananin\/"}]}},"_links":{"self":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/5902"}],"collection":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/comments?post=5902"}],"version-history":[{"count":4,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/5902\/revisions"}],"predecessor-version":[{"id":5920,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/5902\/revisions\/5920"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/media\/5910"}],"wp:attachment":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/media?parent=5902"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/categories?post=5902"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/tags?post=5902"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}