A Critical Review of Spatial Analysis

Spatial Analysis is a recently proposed idea in which byte sequences obtained by static analysis are characterized by statistical features that are fused and graphed into 2-D grids, yielding new exploitable information. That new information is the spatial structure similarity of byte sequences located within files believed to be similar and related. The structure is generated by moving simple fixed-size sliding windows along the byte sequences of a file and calculating features (mean and standard deviation). These features are used to determine matches of highly similar but not necessarily exact byte sequences, whose features map them into grid cell regions, thereby indicating "nearness."
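A minimal sketch of the pipeline described above, added here as an illustration and not the code of the Spatial Analysis proposal. The window size, stride, grid resolution, the Jaccard overlap used as the "nearness" score, the function names, and the constructed sample bytes are all assumptions.

```python
import math
import random

WINDOW, STRIDE, GRID = 16, 1, 32  # assumed values; the abstract gives none

def window_features(data, window=WINDOW, stride=STRIDE):
    """Return (mean, std) of each fixed-size window sliding along data."""
    feats = []
    for i in range(0, len(data) - window + 1, stride):
        w = data[i:i + window]
        mean = sum(w) / window
        std = math.sqrt(sum((b - mean) ** 2 for b in w) / window)
        feats.append((mean, std))
    return feats

def grid_cells(data, grid=GRID):
    """Quantize each (mean, std) pair into a cell of a grid x grid plane."""
    cells = set()
    for mean, std in window_features(data):
        col = min(int(mean / 256 * grid), grid - 1)  # byte mean lies in [0, 255]
        row = min(int(std / 128 * grid), grid - 1)   # byte std lies in [0, 127.5]
        cells.add((row, col))
    return cells

def nearness(a, b):
    """Jaccard overlap of occupied cells (assumed similarity measure)."""
    ca, cb = grid_cells(a), grid_cells(b)
    union = ca | cb
    return len(ca & cb) / len(union) if union else 0.0

# Constructed sample inputs, not real binaries.
_rng = random.Random(1)
BASE = bytes(_rng.randrange(256) for _ in range(1024))
VARIANT = BASE[:500] + bytes(8) + BASE[508:]           # same bytes, 8 patched
UNRELATED = bytes(0x20 + i % 16 for i in range(1024))  # low-variance pattern

if __name__ == "__main__":
    print("base vs variant:  ", round(nearness(BASE, VARIANT), 3))
    print("base vs unrelated:", round(nearness(BASE, UNRELATED), 3))
```

Because only the occupied cells are compared, two inputs with similar byte statistics can score as near even when they share no byte sequence, which is one of the assumptions worth testing.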

The ability to discern malware family members based on the similarity of byte sequences could prove invaluable as a quick assessment tool for the analyst currently using dynamic and static techniques. We take a first look at the validity of some of the assumptions Spatial Analysis makes, to see whether the idea has any merit, and present our initial findings.
