Aegis-CDR deconstructs malicious PDF and DOCX files into safe atomic components, surgically stripping threats using Groq-powered LLaMA 3.3 intelligence.
Traditional antivirus asks: "Is this file bad?"
Aegis asks: "What part of this is active content?"
Instead of relying on signatures, we assume every file is hostile and rebuild it from mathematically safe primitives.
Text, images, and formatting remain identical. Only the executable danger (Macros, JS, OLE) is erased.
File → Signature Scan
✗ Fails on Obfuscation
✗ Reactive (Zero-Day Vulnerable)
~99% Effective Rate
File → Atomic Decomposition
✓ Strips ALL Active Content
✓ Mathematically Clean Rebuild
100% Structural Safety
The Sanitization Workflow
Magic byte validation. Detects MZ (PE) headers disguised as PDF. Blocks extension spoofing at the binary level.
Unpacks OPC packages (DOCX) or iterates xref objects (PDF). Maps every potential threat vector in the file tree.
Surgical removal of /JavaScript, /OpenAction, VBA Macros, and DDE objects. Neutralizes external phishing URIs.
Groq LLaMA 3.3-70B generates a natural-language narrative of the threats found and produces a final risk score.
14 High-severity threats detected including VBA Macros and PowerShell Cradles.
"The document 'malicious_test.docx' contains severe auto-execute scripts designed to spawn shell processes. Aegis has effectively isolated the vbaProject.bin and neutralized 2 encrypted DDE payloads. Reconstruction confirmed safe at 100% visual fidelity."
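The first three workflow stages (magic byte validation, package mapping, removal) sketched for DOCX only, as an added example that is not Aegis-CDR's own code. The function names, the part-name hints and the constructed sample package are assumptions made for illustration.

```python
import io
import re
import zipfile

MAGIC = {"pdf": b"%PDF-", "docx": b"PK\x03\x04"}
# Assumed part-name hints for macros and OLE/ActiveX objects in an OPC package.
ACTIVE_PARTS = ("vbaproject.bin", "/embeddings/", "/activex/")
# A DDE/DDEAUTO field instruction; group 1 keeps the opening tag on rewrite.
DDE_FIELD = re.compile(rb"(<w:instrText[^>]*>)\s*DDE(?:AUTO)?\b[^<]*")

def validate_magic(data: bytes, ext: str) -> str:
    """Compare the leading bytes with what the extension claims."""
    if data[:2] == b"MZ":  # DOS/PE executable header
        return "pe-disguised"
    return "ok" if data.startswith(MAGIC[ext]) else "mismatch"

def is_active_part(name: str) -> bool:
    return any(hint in "/" + name.lower() for hint in ACTIVE_PARTS)

def map_docx(data: bytes) -> list[str]:
    """List parts that hold macros, embedded objects or DDE fields."""
    with zipfile.ZipFile(io.BytesIO(data)) as pkg:
        return [n for n in pkg.namelist() if is_active_part(n)
                or (n.lower().endswith(".xml") and DDE_FIELD.search(pkg.read(n)))]

def rebuild_docx(data: bytes) -> bytes:
    """Copy the package part by part, dropping active parts and DDE fields."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(data)) as src, \
            zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for name in src.namelist():
            if is_active_part(name):
                continue  # a full tool also fixes rels and [Content_Types].xml
            body = src.read(name)
            if name.lower().endswith(".xml"):
                body = DDE_FIELD.sub(rb"\1", body)
            dst.writestr(name, body)
    return out.getvalue()

def make_sample() -> bytes:
    """Constructed package: one macro part and one DDEAUTO field."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as pkg:
        pkg.writestr("word/document.xml", b"<w:p><w:r><w:instrText> DDEAUTO "
                     b"placeholder </w:instrText></w:r><w:r><w:t>Hello</w:t></w:r></w:p>")
        pkg.writestr("word/vbaProject.bin", b"constructed placeholder bytes")
    return buf.getvalue()
```

A field instruction split across several runs would not match this single-element pattern; a production sanitizer parses the field structure rather than matching one element.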