[Blackhat Europe tool] avclassplusplus: Massive Malware Labeling Tool




AVCLASS++: Yet Another Massive Malware Labeling Tool

avclassplusplus is an appealing complement to AVCLASS [1], a state-of-the-art malware labeling tool.

AVCLASS++ is a labeling tool for creating a malware dataset. Addressing malware threats requires constant efforts to create and maintain a dataset. Especially, labeling malware samples is a vital part of shepherding a dataset. AVCLASS, a tool developed for this purpose, takes as input VirusTotal reports and returns labels that aggregate scan results of multiple anti-viruses. And now, AVCLASS++ is shipped with the brand-new capacities!

In a nutshell, AVCLASS++ enables the following operation:

  • Input:
    • VirusTotal report(s)
    • Malware binar(y|ies) (optional)
  • Output:
    • Malware label(s) (family name)


AVCLASS++ is developed for freeing you from the task of worrying about what families malware samples are. The salient features of AVCLASS++ are as follows:

  • Automatic. AVCLASS++ removes manual analysis limitations on the size of the input dataset.
  • Vendor-agnostic. AVCLASS++ operates on the labels of any available set of AV engines, which can vary from sample to sample.
  • Cross-platform. AVCLASS++ can be used for any platforms supported by AV engines, e.g., Windows or Android malware.
  • Does not require executables. AV labels can be obtained from online services like VirusTotal using a sample’s hash, even when the executable is not available. Yet, AVCLASS++ has also a potential that can improve label accuracy if there is an executable.
  • Quantified accuracy. The original AVCLASS had evaluated [1] on five publicly available malware datasets with ground truth. AVCLASS++ is further tuned to perform under adverse conditions.
  • Open-source. We are happy to release AVCLASS++ to the community. Prithee, use it for the further development of prompt security operation and reproducible security research!

Install && Use

Copyright (c) 2016 MaliciaLab @ IMDEA Software Institute

Share on Facebook

Share on Twitter

The post [Blackhat Europe tool] avclassplusplus: Massive Malware Labeling Tool appeared first on Penetration Testing.


Leave a Reply

Your email address will not be published. Required fields are marked *