30 Online Malware Analysis Sandboxes / Static Analyzers:
2 min readMay 13, 2016
Update (June 28, 2018):
I compare results of sandboxes with a new TrickBot sample (SHA256:dd89e57513612ebcd917d6644b97a92fb074d5dab7da6bd7e5ac4bd93ba20219/, first submission: 2018–06–26 14:56:28)
Sandboxes that can detect the malware (ordered by name):
- Anlyz https://sandbox.anlyz.io
Result: Malicious - Any.run https://app.any.run
Result: Malicious Activity - Comodo Valkyrie (https://valkyrie.comodo.com)
Result: Malware - Hybrid Analysis (Falcon Sandbox) (http://www.hybrid-analysis.com/)
Result: Malicious (100/100) - Intezer Analyze https://www.intezer.com
Result: Malicious - SecondWrite Malware Deepview https://www.secondwrite.com
Result: Malicious - ViCheck https://vicheck.ca/ (static analysis)
Result: Infected
Sandboxes that cannot detect the malware (ordered by name):
- Jevereg (Amnpardaz Sandbox) http://jevereg.amnpardaz.com/
Result: File could not be analyzed - IObit Cloud http://cloud.iobit.com
Result: Safe
Discontinued / Down sandboxes:
- Anubis http://anubis.iseclab.org/ (discontinued)
- BinaryGuard (TBM Cloud Sandbox) http://www.binaryguard.com
Tried to register, but its website does not work. - BitBlaze http://bitblaze.cs.berkeley.edu/(discontinued)
- Comodo Instant Malware Analysis http://camas.comodo.com/ (discontinued)
- Deepviz (https://sandbox.deepviz.com/) (services cannot be subscribed anymore)
- Eureka http://eureka.cyber-ta.org/(discontinued)
- Malwr (Cuckoo Sandbox) (http://malwr.com/) (down)
- ThreatExpert Automated Threat Analysis (redirects to symantec.com) (http://www.threatexpert.com/)
- Viper https://viper.malwareconfig.com/ (down)
Trial requested:
- ThreatTrack ThreatAnalyzer
https://www.threattrack.com/malware-analysis.aspx - VMRay Analyzer https://www.vmray.com
Static File Analyzers:
I tested following static file analyzers with an RTF document that exploits an Adobe Flash vulnerability CVE-2016–4117
- Malware Tacker Cryptam Document Scanner (http://www.malwaretracker.com/doc.php)
Supported file types: Office files.
Result: Malware - ViCheck https://vicheck.ca/
Result: It detect the file as an Office malware, but identified with wrong CVE. - XecScan (http://scan.xecure-lab.com/)
Supported file types: PDF and Office files.
Result: It cannot analyse the malware with the following message: “Sorry, Invalid file size!” - MASTIFF Online (https://mastiff-online.korelogic.com)
Result: It cannot detect the malware. - Malware Tracker PDF Examiner (http://www.malwaretracker.com/pdf.php)
Supported file types: PDF files.
Android Sandboxes / Analyzers:
- Akana http://akana.mobiseclab.org
- AndroTotal https://andrototal.org
- SandDroid http://sanddroid.xjtu.edu.cn
- Nviso https://apkscan.nviso.be/
Linux Sandboxes:
- Detux Multiplatform Linux Sandbox http://detux.org/
Süleyman Özarslan (Picus Security http://picussecurity.com)
Twitter: su13ym4n E-mail: suleyman at picussecurity com
