Analyzing Malware in Binaries and Executables with AI

In a recent post titled “From Assistant to Analyst: The Power of Gemini 1.5 Pro for Malware Analysis”, published on the Google Cloud Security blog, we explore the capabilities of Gemini 1.5 Pro, which enhances malware analysis by processing up to 1 million tokens. This advancement allows the tool to analyze large amounts of disassembled or decompiled code in a single pass, providing a complete view of the malware’s logic to produce verdicts and summary reports. The blog post highlights practical applications of this approach, using well-known malware such as WannaCry and also entirely new and previously undetected malware. These examples show that Gemini 1.5 Pro’s reports are not based on pre-trained data of those specific samples but on its ability to analyze the code itself. For more details on how Gemini 1.5 Pro operates in malware analysis, we encourage you to read the complete post here.

At VirusTotal, Gemini 1.5 Pro has been put to use in Code Insight to process macros in Office documents that exceed the token limits of traditional models. For instance, “PLEX.xlam” is the most recent file that, at the time of writing this paragraph, required Gemini 1.5 Pro because its content exceeded those limits. This file was flagged by several antivirus engines and two sandboxes. Code Insight analyzed it by extracting 34 macros, which amounted to 138,332 tokens. The detailed Code Insight report gives a comprehensive picture of what the macros do. This analysis helps clarify the intent behind these macros and thus determine whether the security alerts indicate actual threats or potential false positives.
