How does WildFire analyze files that are encrypted using custom methods?

WildFire analyzes files that are encrypted using custom methods by decompressing and decrypting the file inside a dynamic analysis environment. This approach is essential because it allows WildFire to examine the content of the file thoroughly in a controlled setting. In a dynamic analysis environment, files are executed to observe their behavior, and any encrypted data can be decrypted as part of this process, enabling the detection of potential threats that may otherwise remain hidden.

This method ensures that WildFire can assess whether the file poses a risk, regardless of the encryption techniques used, by decrypting it and analyzing the underlying malicious code or behavior. Dynamic analysis is crucial in this context because it ensures comprehensive inspection of file behavior, which is vital for accurately identifying threats that exploit custom encryption methods.