Philippe Lagadec
Parsing weaponized file formats since 2000, author of oletools and olefile.
R&D and Product Manager at GLIMPS. Formerly at Quarkslab, ESA, NCIA and DGA.
https://linktr.ee/decalage
Session
Ftguess is an open-source tool designed to identify file formats more precisely and robustly than traditional tools such as file/libmagic and TrID, or even the recent Magika, especially in the context of malware detection and analysis. In some cases, those tools can be fooled by specially crafted files or polyglots.
Such tools are often used by malware detection and analysis platforms to decide how to process files. Malware may go undetected if the file format is wrongly identified, for example if a malicious PDF is processed as an innocuous HTML file.
Ftguess implements a new algorithm designed to overcome this issue.
This presentation will show several real cases of malware wrongly identified by malware analysis platforms, and how ftguess can be used to improve detection.
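To illustrate the misidentification problem the abstract describes, here is an added example (not ftguess's algorithm, nor code from the author): a single-verdict, offset-0 magic check beside a checker that evaluates every signature and flags files matching more than one format. The samples are constructed inline, and the 1024-byte PDF header window is the viewer-tolerant rule the example assumes.

```python
import re

# Constructed samples (not real malware): a plain PDF, plain HTML, and a file
# that starts as HTML but also carries a PDF header within its first 1024 bytes.
PLAIN_PDF = b"%PDF-1.7\n1 0 obj << /Type /Catalog >> endobj\ntrailer\n%%EOF\n"
PLAIN_HTML = b"<!DOCTYPE html><html><body><p>hello</p></body></html>\n"
HTML_PDF_POLYGLOT = PLAIN_HTML + PLAIN_PDF

# Assumed viewer behaviour: the %PDF- header is accepted anywhere in the first
# 1024 bytes, so a strict "starts with" test misses PDFs a reader would open.
PDF_HEADER_WINDOW = 1024
HTML_TAG = re.compile(rb"<\s*(!doctype\s+html|html|head|body|script)\b", re.I)

# Offset-0 magic values, the way a naive identifier applies them.
STRICT = [
    ("pdf", b"%PDF-"),
    ("zip", b"PK\x03\x04"),
    ("ole", b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"),
]

def first_match(data: bytes) -> str:
    """Single-verdict identification: first signature to fire wins, and the
    remaining possibilities are never considered."""
    for name, magic in STRICT:
        if data.startswith(magic):
            return name
    if HTML_TAG.search(data[:4096]):
        return "html"
    return "unknown"

def all_matches(data: bytes) -> list:
    """Evaluate every signature and return all formats the data could be
    parsed as; more than one hit means the file is ambiguous."""
    hits = [name for name, magic in STRICT if data.startswith(magic)]
    if "pdf" not in hits and b"%PDF-" in data[:PDF_HEADER_WINDOW]:
        hits.append("pdf")
    if HTML_TAG.search(data[:4096]):
        hits.append("html")
    return hits

def classify(data: bytes) -> str:
    """Report one format only when exactly one matches; otherwise flag the file
    as a polyglot so a pipeline runs every relevant parser, not just one."""
    hits = all_matches(data)
    if not hits:
        return "unknown"
    if len(hits) > 1:
        return "polyglot:" + "+".join(sorted(hits))
    return hits[0]

if __name__ == "__main__":
    for label, sample in [("pdf", PLAIN_PDF), ("html", PLAIN_HTML), ("mixed", HTML_PDF_POLYGLOT)]:
        print(f"{label:5} first_match={first_match(sample):7} classify={classify(sample)}")
```

The mixed sample comes back as plain "html" from the single-verdict check but as "polyglot:html+pdf" from the multi-signature check, which is the difference between routing it to an HTML scanner only and also handing it to a PDF analyser.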