VIRSCAN
VirSCAN.org is a FREE on-line scan service, which checks uploaded files for malware, using antivirus engines, indicated in the VirSCAN list. On uploading files you want to be checked, you can see the result of scanning and how dangerous and harmful/harmless for your computer those files are.
VirSCAN.org cannot replace antivirus software on your computer. VirSCAN is not supposed and able to protect your computer from malware. VirSCAN only scans files, which may contain viruses, trojans, backdoors, spyware, dialers. However, VirSCAN does not bear responsibilty for the results of scanning. Even if all the AV engines, included to VirSCAN fail to detect any kind of malware in the file you upload, it does not guarantee its being clean and safe for your computer. Some anti-virus engines may define the files you will upload as malware, but it may turn out to be a false positive. Due to the platform and the engine version, the scan report can't show the actual abilities of antivirus vendors. There are possible situations when VirSCAN fails to detect a real malware, but AV vendor, indicated in the test is capable of finding malware, or on the contrary, VirSCAN detects malware, but the AV engine fails to do it. All the examples, mentioned above may occur, so VirSCAN does not bear any responsibilty for the results of scanning.
PeStudio
PeStudio is a free tool performing the static analysis and investigation of any Windows executable binary. A file being analyzed with PeStudio is never launched. Therefore you can evaluate unknown executable and even malware with no risk. PeStudio runs on any Windows Platform and is fully portable, no installation is required. PeStudio does not change the system or leaves anything behind. A short Handbook for PeStudio is also available. This handbook is still under construction and will be updated on a regular basis.
MASTIFF
MASTIFF, created by Tyler Hudak, is a static analysis framework that automates the process of extracting key characteristics from a number of different file formats. To ensure the framework remains flexible and extensible, a community-driven set of plug-ins is used to perform file analysis and data extraction. While originally designed to support malware, intrusion, and forensic analysis, the framework is well-suited to support a broader range of analytic needs. In a nutshell, MASTIFF allows analysts to focus on analysis rather than figuring out how to parse files.
COMODO
Instant malware analysis brought to you by COMODO Security Solutions, Inc. If you have a suspicious file, please submit it online by using the link below. Once the file is submitted, COMODO Automated Analysis System will scan it and report back its findings.
VIRUS TOTAL
VirusTotal, a subsidiary of Google, is a free online service that analyzes files and URLs enabling the identification of viruses, worms, trojans and other kinds of malicious content detected by antivirus engines and website scanners. At the same time, it may be used as a means to detect false positives, i.e. innocuous resources detected as malicious by one or more scanners.
VirusTotal’s mission is to help in improving the antivirus and security industry and make the internet a safer place through the development of free tools and services.
THREATANALYZR
ThreatAnalyzer is the industry's only malware analysis solution that enables you to completely and accurately quantify the risk and exposure your organization faces from any malware threat.
"Sandbox customization is the
only way to adequately detect
and stop targeted attacks"
As a fully customizable platform, ThreatAnalyzer enables you to recreate your entire application stack (including virtual and native environments) in which you can detonate malicious code to see exactly how malware will behave across all your network and systems configurations. Moreover, custom malware determination rules help
you fine tune ThreatAnalyzer to be on the alert for suspicious behavior and activity that concern you most, such as anomalous access to sensitive systems, data exfiltration to foreign domains, queries made to custom applications and more.
Within minutes of detonating a malware sample, you will know exactly which system configurations on your network are vulnerable to any threat, enabling you to instantly respond by isolating systems and implementing defenses to prevent infections.
ANUBIS
Anubis is sponsored by Lastline, Inc., and Secure Business Austria, and developed by the International Secure Systems Lab. We are a small team of enthusiastic security professionals doing research in the field of computer security and malware analysis. Our goal is to provide interested and advanced computer users with a tool that helps in combatting malware. This is why we provide this service free of charge.
Anubis is a tool for analyzing the behavior of Windows PE-executables with special focus on the analysis of malware. Execution of Anubis results in the generation of a report file that contains enough information to give a human user a very good impression about the purpose and the actions of the analyzed binary. The generated report includes detailed data about modifications made to the Windows registry or the file system, about interactions with the Windows Service Manager or other processes and of course it logs all generated network traffic. The analysis is based on running the binary in an emulated environment and watching i.e. analyzing its execution. The analysis focuses on the security-relevant aspects of a program's actions, which makes the analysis process easier and because the domain is more fine-grained it allows for more precise results. It is the ideal tool for the malware and virus interested person to get a quick understanding of the purpose of an unknown binary.
EUREKA
Eureka is a binary static analysis preparation framework. It implements a novel binary unpacking strategy based on statistical bigram analysis and coarse-grained execution tracing. Eureka incorporates advanced API deobfuscation capabilities to facilitate the structural analysis of the underlying malware logic. For each uploaded binary, the Eureka service will attempt to unpack and (for Eureka I, disassemble; for Eureka II (not yet available), decompile) the binary, and will produce an annotated callgraph, subroutine/data index page, strings summary, and a list of embedded DNS entries.
MALWR
A free malware analysis service and community launched in January 2011. You can submit files to it and receive the results of a complete dynamic analysis back. Malwr is mainly based on an open source malware analysis tool we (Claudio nex Guarnieri and Alessandro jekil Tanasi) also created and develop called Cuckoo Sandbox.
THREATEXPERT
ThreatExpert (patent pending) is an advanced automated threat analysis system (ATAS) designed to analyze and report the behavior of computer viruses, worms, trojans, adware, spyware, and other security-related risks in a fully automated mode.
The ThreatExpert system produces reports with the level of technical detail that matches or exceeds antivirus industry standards such as those found in online virus encyclopedias.
It only takes 2-3 minutes for an automation server to process a single threat, making it possible to generate up to 1,000 highly detailed threat descriptions per server, per day. Built on a distributed architecture the service can scale to a virtually unlimited amount of threat analysis servers, thereby allowing unlimited automated processing of threat samples.
XECSCAN
The Xecure Lab Scanner (XecScan) gives the security community and general public on-demand analysis of any suspicious document file where no installation or registration is required to enjoy the service. Though it's free, XecScan is capable of finding advanced malware, zero-day,and targeted APT attacks embedded in common file formats. Furthermore, with the use of patent-pending exploit analysis engine, XecScan provides forensic data such as build time of the malware, program call graph, exploit being embedded, and communication hops involved.
When Internet users need a handy tool to test advanced phishing attacks, they can simply load a suspicious file into the XecScan online platform and in minutes, XecScan will report APT check result and malware summary of the analyzed file such as PDF document or office file.
-
Provides fast, reliable on-demand analysis for unknown file and suspicious document- Supports quick APT scanning of one single file at a time. No installation, deployment, configuring, and preparation.
-
Automated analysis of zero-day attacks for common file formats- Detects targeted attacks using malicious PDFs, Flash, ZIP/RAR archives, and Office documents and provides executive summary of its build time, CVE number, program behavior, and malware type.
-
Identifies malware communication hops- Shows what network nodes such as command and control (CnC) are involved.
-
APT clustering analysis- Each advanced attack is compared against a long-history of global APT activities to associate similar groups and better understand the origin of the criminals.
MALWAREVIZ
Malware Visualization shows the simple stuff of malicious software.
MalwareViz was created to display the actions of a bad file by generating a picture. More information can be found by simply clicking on different parts of the picture.
The simple goal is to make something easier. Explaining the actions of a malicious file is difficult. The language used is not standard. One person may want to know if the file is simply “bad” while another wants all the details. MalwareViz solves this problem by giving a quick picture of important actions and clickable links to the details.
XANDORA
xandora.net is a tool for analyzing the behavior of Windows PE-executables with special focus on the analysis of malware. Execution of xandora.net results in the generation of a report file that contains enough information to give a human user a very good impression about the purpose and the actions of the analyzed binary.
The generated report includes detailed data about modifications made to the Windows registry or the file system or other processes and of course it logs all generated network traffic. The analysis is based on running the binary in an emulated environment and watching.
It is the ideal tool for a person to get a quick understanding of the purpose of an unknown binary.
VICHECK
Upload a sample of suspected malware to be fed into our analysis network. We can accept any type of file including executables, documents, spreadsheets, presentations, compiled help files, database packages, PDF, images, emails, or archives. You can also submit a file from a remote web address.
Our scanning system will automatically process and email you back a report about your submitted files. Occasionally we may contact you for more information about particularly interesting samples, together we can help make the internet a safer place for everyone.
For your convenience, you can also forward your malware samples by email to hereyougo@vicheck.ca . Please try to include the full email headers wherever possible (you may need to view headers then copy and paste them into the forwarded message.)
METASCAN
Metascan Online is a free online file scanning service powered by OPSWAT’s Metascan technology, a multiple engine malware scanning solution.