binary-analysis
Analyze binary files (exe, dll, sys, bin, ocx, scr, cpl, drv) to assess if they are malicious, perform decompilation, extract strings/imports/exports, detect malware, and provide threat assessment. Use this skill when user asks to analyze, examine, check, or assess any binary file, asks if a file is malicious/suspicious/safe, or provides a file path to a binary. Trigger for phrases like "Is [file] malicious?", "Analyze [file]", "What does [binary] do?", or any request involving binary file analysis.
Best use case
binary-analysis is best used when you need a repeatable AI agent workflow instead of a one-off prompt. It is especially useful for teams working in multi. Analyze binary files (exe, dll, sys, bin, ocx, scr, cpl, drv) to assess if they are malicious, perform decompilation, extract strings/imports/exports, detect malware, and provide threat assessment. Use this skill when user asks to analyze, examine, check, or assess any binary file, asks if a file is malicious/suspicious/safe, or provides a file path to a binary. Trigger for phrases like "Is [file] malicious?", "Analyze [file]", "What does [binary] do?", or any request involving binary file analysis.
Analyze binary files (exe, dll, sys, bin, ocx, scr, cpl, drv) to assess if they are malicious, perform decompilation, extract strings/imports/exports, detect malware, and provide threat assessment. Use this skill when user asks to analyze, examine, check, or assess any binary file, asks if a file is malicious/suspicious/safe, or provides a file path to a binary. Trigger for phrases like "Is [file] malicious?", "Analyze [file]", "What does [binary] do?", or any request involving binary file analysis.
Users should expect a more consistent workflow output, faster repeated execution, and less time spent rewriting prompts from scratch.
Practical example
Example input
Use the "binary-analysis" skill to help with this workflow task. Context: Analyze binary files (exe, dll, sys, bin, ocx, scr, cpl, drv) to assess if they are malicious, perform decompilation, extract strings/imports/exports, detect malware, and provide threat assessment. Use this skill when user asks to analyze, examine, check, or assess any binary file, asks if a file is malicious/suspicious/safe, or provides a file path to a binary. Trigger for phrases like "Is [file] malicious?", "Analyze [file]", "What does [binary] do?", or any request involving binary file analysis.
Example output
A structured workflow result with clearer steps, more consistent formatting, and an output that is easier to reuse in the next run.
When to use this skill
- Use this skill when you want a reusable workflow rather than writing the same prompt again and again.
When not to use this skill
- Do not use this when you only need a one-off answer and do not need a reusable workflow.
- Do not use it if you cannot install or maintain the related files, repository context, or supporting tools.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/binary-analysis/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How binary-analysis Compares
| Feature / Agent | binary-analysis | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Analyze binary files (exe, dll, sys, bin, ocx, scr, cpl, drv) to assess if they are malicious, perform decompilation, extract strings/imports/exports, detect malware, and provide threat assessment. Use this skill when user asks to analyze, examine, check, or assess any binary file, asks if a file is malicious/suspicious/safe, or provides a file path to a binary. Trigger for phrases like "Is [file] malicious?", "Analyze [file]", "What does [binary] do?", or any request involving binary file analysis.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
Related Guides
AI Agent for Product Research
Browse AI agent skills for product research, competitive analysis, customer discovery, and structured product decision support.
AI Agent for SaaS Idea Validation
Use AI agent skills for SaaS idea validation, market research, customer discovery, competitor analysis, and documenting startup hypotheses.
SKILL.md Source
# Binary Analysis This skill enables deep analysis of suspicious binary files using remote Ghidra tools and sandbox environments. You HAVE TO upload binary files to the remote first before calling any Ghidra or sandbox tools. ## When to Use This Skill Use this skill when you need to: - Analyze suspicious executable files (.exe, .dll, .sys) - Decompile binaries to understand their behavior - Extract strings, imports, and exports from files - Identify malware capabilities and techniques - Perform static analysis on unknown binaries - Investigate potential trojans, ransomware, or other malware - Generate threat assessment reports ## Workflow ### Step 1: Perform Analysis Use available Ghidra MCP tools to analyze the uploaded binary: - **Decompilation**: Convert assembly to pseudo-C code - **String Analysis**: Extract readable strings for IoC identification - **Import/Export Analysis**: Identify API calls and dependencies - **Function Analysis**: Map out program logic and control flow - **Behavioral Indicators**: Identify suspicious patterns (registry manipulation, network calls, process injection) ### Step 2: Generate Report Provide a comprehensive analysis including: - File metadata (size, hash, compilation timestamp) - Identified capabilities (network, file system, registry, process manipulation) - Suspicious indicators - Malware classification (if applicable) - Recommended actions ## Analysis Techniques ### Static Analysis - PE header examination - Section analysis (.text, .data, .rdata, .rsrc) - Import Address Table (IAT) review - String artifact extraction - Code signature verification ### Behavioral Indicators Look for: - Anti-debugging techniques - Obfuscation/packing - Suspicious API calls (CreateRemoteThread, WriteProcessMemory, etc.) - Network communication patterns - Persistence mechanisms - Privilege escalation attempts ### Malware Classification Common categories: - Trojan/RAT (Remote Access Trojan) - Ransomware - Adware/PUP (Potentially Unwanted Program) - Rootkit - Worm - Spyware - Browser hijacker ## Safety Considerations - **Never execute** the binary on local system - All analysis occurs in remote sandbox environment - Files are automatically isolated - Use Ghidra static analysis tools only - Document all findings for incident response ## Output Format ```markdown ## Binary Analysis Report **File Information** - Name: [filename] - Size: [bytes] - MD5: [hash] - SHA256: [hash] **Analysis Summary** [Brief overview of findings] **Detailed Findings** 1. [Finding category] - Evidence: [specific data] - Significance: [what it means] **Threat Assessment** - Severity: [Critical/High/Medium/Low] - Classification: [malware type] - Confidence: [High/Medium/Low] **Recommendations** 1. [Action item] 2. [Action item] ``` ## Example Usage User: "I found a suspicious file called setup_installer.exe. Can you analyze it?" Response: 1. Run Ghidra analysis on the full local path of setup_installer.exe 2. Extract strings, imports, and decompiled code 3. Identify malicious behavior (if any) 4. Provide detailed report with recommendations
Related Skills
log-analysis
Analyze application logs to identify errors, performance issues, and security anomalies. Use when debugging issues, monitoring system health, or investigating incidents. Handles various log formats including Apache, Nginx, application logs, and JSON logs.
wireshark-network-traffic-analysis
This skill should be used when the user asks to "analyze network traffic with Wireshark", "capture packets for troubleshooting", "filter PCAP files", "follow TCP/UDP streams", "detect network anomalies", "investigate suspicious traffic", or "perform protocol analysis". It provides comprehensive techniques for network packet capture, filtering, and analysis using Wireshark.
wireshark-analysis
This skill should be used when the user asks to "analyze network traffic with Wireshark", "capture packets for troubleshooting", "filter PCAP files", "follow TCP/UDP streams", "dete...
team-composition-analysis
This skill should be used when the user asks to "plan team structure", "determine hiring needs", "design org chart", "calculate compensation", "plan equity allocation", or requests organizational design and headcount planning for a startup.
stride-analysis-patterns
Apply STRIDE methodology to systematically identify threats. Use when analyzing system security, conducting threat modeling sessions, or creating security documentation.
market-sizing-analysis
This skill should be used when the user asks to "calculate TAM", "determine SAM", "estimate SOM", "size the market", "calculate market opportunity", "what's the total addressable market", or requests market sizing analysis for a startup or business opportunity.
error-diagnostics-error-analysis
You are an expert error analysis specialist with deep expertise in debugging distributed systems, analyzing production incidents, and implementing comprehensive observability solutions.
error-debugging-error-analysis
You are an expert error analysis specialist with deep expertise in debugging distributed systems, analyzing production incidents, and implementing comprehensive observability solutions.
binary-analysis-patterns
Master binary analysis patterns including disassembly, decompilation, control flow analysis, and code pattern recognition. Use when analyzing executables, understanding compiled code, or performing static analysis on binaries.
azure-ai-vision-imageanalysis-py
Azure AI Vision Image Analysis SDK for captions, tags, objects, OCR, people detection, and smart cropping. Use for computer vision and image understanding tasks. Triggers: "image analysis", "computer vision", "OCR", "object detection", "ImageAnalysisClient", "image caption".
azure-ai-vision-imageanalysis-java
Build image analysis applications with Azure AI Vision SDK for Java. Use when implementing image captioning, OCR text extraction, object detection, tagging, or smart cropping.
vision-analysis
Analyze, describe, and extract information from images using the MiniMax vision MCP tool. Use when: user shares an image file path or URL (any message containing .jpg, .jpeg, .png, .gif, .webp, .bmp, or .svg file extension) or uses any of these words/phrases near an image: "analyze", "analyse", "describe", "explain", "understand", "look at", "review", "extract text", "OCR", "what is in", "what's in", "read this image", "see this image", "tell me about", "explain this", "interpret this", in connection with an image, screenshot, diagram, chart, mockup, wireframe, or photo. Also triggers for: UI mockup review, wireframe analysis, design critique, data extraction from charts, object detection, person/animal/activity identification. Triggers: any message with an image file extension (jpg, jpeg, png, gif, webp, bmp, svg), or any request to analyze/describ/understand/review/extract text from an image, screenshot, diagram, chart, photo, mockup, or wireframe.