Mandiant Red Curtain (MRC) is free software that evaluates files from potentially compromised computer systems, helping incident responders narrow the scope of an investigation quickly and efficiently. MRC examines executable files (e.g., .exe and .dll) to determine how suspicious they are based on a set of criteria. It looks at multiple aspects of an executable, such as its entropy (in other words, randomness), indications of packing, compiler and packing signatures, the presence of digital signatures, and other characteristics, to generate a threat “score.” This score can be used to identify whether a set of files is worthy of further investigation.
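To illustrate why entropy is a useful packing indicator, the following added example (not MRC's code or its scoring method) measures Shannon entropy per fixed-size window, so a high-entropy region stands out even when the whole-file figure looks ordinary. The window size, the 7.0 bits-per-byte cut-off and the sample buffers are assumptions made for this example.

```python
import hashlib
import math
from collections import Counter

WINDOW = 1024        # bytes per window (assumed)
HIGH_ENTROPY = 7.0   # bits per byte; assumed cut-off, not an MRC parameter


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def entropy_profile(data: bytes, window: int = WINDOW) -> dict:
    """Whole-buffer entropy plus the share of full windows at or above the cut-off."""
    scores = [shannon_entropy(data[i:i + window])
              for i in range(0, len(data) - window + 1, window)]
    high = sum(1 for s in scores if s >= HIGH_ENTROPY)
    return {
        "overall": shannon_entropy(data),
        "max_window": max(scores, default=0.0),
        "high_fraction": high / len(scores) if scores else 0.0,
    }


# Constructed sample data (not taken from any real file).
# PLAIN stands in for ordinary code and strings; PACKED is a deterministic
# hash stream standing in for a compressed or encrypted section.
PLAIN = (b"This program cannot be run in DOS mode.\r\n" * 1000)[:24 * WINDOW]
PACKED = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(256))
MIXED = PLAIN + PACKED   # ordinary content followed by a high-entropy payload

if __name__ == "__main__":
    for name, blob in (("plain", PLAIN), ("packed", PACKED), ("mixed", MIXED)):
        p = entropy_profile(blob)
        print(f"{name:6} overall={p['overall']:.2f} "
              f"max_window={p['max_window']:.2f} high={p['high_fraction']:.0%}")
```

High entropy alone is not proof of malice, since legitimately compressed resources and installers score high as well, which is why it is combined with the other criteria listed above.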

“Like other MANDIANT free software offerings, MANDIANT Red Curtain is intended to make the lives of incident responders a little bit easier,” commented Dave Merkel, Vice President of Products for MANDIANT. “While MRC can’t resolve every incident on its own, it provides responders with another powerful piece of software to add to their arsenals, reducing the time it takes to find evil.”