AIMA optionally allows human interaction. When you upload a file for scanning, you can access the virtual machine through the AIMA interface, intervene in the analysis process and its results in real time, and customize YARA rule sets.
AIMA's analysis engine is stealthy and can’t be detected by malware. It bypasses all malware avoidance techniques, deeply analyzes the behavior of malware, and records all malware activities in the system.
AIMA classifies the functions of malware by criticality level with its ML-based analysis and reputation engine. It determines where and how the related functions are used, and it defines variants.
AIMA captures and analyzes all network activity. It can decrypt encrypted traffic and find all items related to malware. It summarizes the network traffic in detail and shows the domains and IP addresses used by malware.
If you use AIMA in fully automatic mode, human simulation bypasses the malware’s heuristic anti-analysis techniques (for example, action-based ones).
AIMA can generate reports in many formats for more efficient use by analysts, SOC and IR teams, and integrated products.