Joe Sandbox ML is a machine learning-based plugin for Joe Sandbox Cloud that detects malicious files without requiring signature updates. It operates by running on function traces gathered during sandbox execution, enabling analysis across a range of file types beyond standard PE executables. The engine uses deep learning techniques to analyze Windows API calls and static PE data, generating a binary verdict (clean or malicious) for each analyzed file. This verdict is then combined with the threat score produced by Joe Sandbox's dynamic execution engine to produce a final assessment. Joe Sandbox ML is particularly useful for samples that exhibit minimal behavioral activity during dynamic analysis. By combining static and dynamic function trace analysis, it can assess crashing samples and DLLs that would otherwise be difficult to classify. Supported file types include PE executables, MSI installers, JAR files, PowerShell scripts, and Batch scripts. Key characteristics: - No signature updates required for detection of unknown malicious files - Verdicts are generated quickly, often under one second - Tuned for high detection rates with a low false positive rate - Functions as a plugin that integrates into Joe Sandbox Cloud