Prompting LLMs with multiple decompiler views of the same binary improves malware detection recall—a practical, training-free improvement for security analysts using AI to triage suspicious code.
This paper shows that using multiple decompilers (Ghidra and RetDec) to analyze the same malware binary improves LLM-based malware classification. Since different decompilers expose different artifacts through their lossy conversion process, combining their outputs helps LLMs better identify malicious code without requiring model retraining.