// tool reference · Incident & Response
AI Reverse Engineering Pro
Static, no-execution binary triage: capability, IOCs, next step.
What it does
Statically inspects a suspicious binary or blob: strings, imports, embedded URLs and IPs, packer indicators, and capability inference. The sample is never executed and never written to disk.
When to use it
- A sample arrived and you need a fast read before deciding whether to escalate to a sandbox.
Inputs
Field names are the actual form parameters, verified against source.
| Field | Type | Required | Notes |
|---|---|---|---|
| (file upload) | file | optional | Sample file, up to —. |
| pasted | textarea | optional | Or paste hex/base64. |
| use_ai | checkbox | optional | AI capability inference. |
| authorized | checkbox | required | You confirm you may analyse this sample. |
What you get back
Extracted indicators and inferred capability.
How it works
STATIC ONLY. The upload is validated with is_uploaded_file(), read into MEMORY, string-extracted, and discarded. Nothing is written to disk and nothing is executed — this is the design decision that makes an upload feature safe on shared hosting. It is not a substitute for a sandbox.
Limits
Read live from the platform configuration.
| Free | — (Pro only) |
| Pro | — scans |
| Max file | — bytes |
| Strings extracted | — |
| Strings sent to AI | — |
Privacy
The sample is never persisted. Extracted strings may be sent to the AI provider when AI is enabled.
Standards
MITRE ATT&CK