UnpacMe 2023 Year In Review: Malware Intel For Everyone

At the beginning of 2023 UnpacMe was strictly a malware unpacking platform with the capability to identify common malware families and extract malware configuration information. By December 2023, we had transformed into a malware intelligence and hunting platform with a freemium model that allows us to provide the same powerful tools to enterprise clients and individual researchers alike. A few of our year's highlights can be found below.

The Secret Is Dogfood

At UnpacMe we dogfood everything. There are no secret tools, just ones that we haven't released yet!

Experimental Features in Account Settings

For example, when we began maintaining our own set of internal malware identification YARA rules we quickly realized that the task would be much easier if we could validate our rules by searching our own corpus of malware instead of relying on pricy third parties.

Our first approach was to use open source tools to run batch YARA scans across our entire five-year malware corpus. Even with optimizations this took hours to complete. The time delay prevented agile adjustment to the rules and was generally a bad workflow for creating quick rules.

We went back to the drawing board and developed an entirely new way of scanning based on a divide-and-conquer principle. We split our repository into multiple shards based on internal criteria. This allowed us to get a full year of data into a 2-minute search. There are some limitations with this approach, but we found it provided an excellent workflow for quick development and testing of new YARA rules.

We took the same approach when building our full corpus binary search and our IDA Byte Search plugin, which was born out of the frustration of wanting to quickly check the uniqueness (and relations) of functions directly from IDA.

So far everyone seems to like our dogfood with very positive feedback from our existing customers, and the onboarding of many new ones, but we will save that for the next update...

A Note About Business

This is our fifth year of operating the UnpacMe service, and the second year that we have operated it as a business under OpenAnalysis Inc. As many of you know, we are a fully bootstrapped company with a staff of two. We don't pay for marketing and we don't chase sales, which means our reputation spreads by word-of-mouth, and we only onboard customers who really need and enjoy using UnpacMe. These are customers we can count on, and in 2023 they grew by 5x with a 500% increase in ARR.

We have also achieved a 50% reduction in cost of revenue through a significant overhaul of our systems architecture and cloud deployments. Our efforts focused on data deduplication and optimization of containers, many of which had been in operation unchanged since 2019!

Overall our ARR growth coupled with the cost reduction refactor has given us a lot more than just bootstraps for the charge into 2024. We haven't bought a boat yet, but we did buy some GPUs. The future for UnpacMe is bright!

What's Next For 2024

We feel roadmaps are the antithesis of an agile workflow; we hate them. But we do have some broad strokes of what to expect in 2024.

TotalRecall YARA Hunts

Our original YARA hunting idea: batch-based YARA scanning over five years of unpacked, labeled data, no limitations. We almost got this out the door in 2023 but we still have a bit of optimization and indexing to complete. It is first up for 2024.

STREAMs

STREAMs will add user-configurable intel streams to our platform. This will complete our vision of a turn-key intel shop in a box that we have been working toward for the past year. In 2023 we built an early stage POC that has us very excited, but we won't say more until we have something to demo.

Expanded File Support for Unpacking

We haven't forgotten about our roots and we hear you; we need to support more file types. Since our inception our focus has been unpacking PE binaries, but we are aware of the growing need to support earlier stages in the delivery chain. In the second half of 2024 we will be expanding support for containers such as ISO, MSI, and we will begin to support documents and scripts.

Thank you everyone for making 2023 such an amazing year for us, and a special thanks to the resellers who partnered with us and fought for deals on our behalf. This would not be possible without you!

We have great things in store this year, happy unpacking 2024 🚀