1. Typically analyzing malware requires a great deal of knowledge in computers and expects basic knowledge of terminal commands,configuring the tool correct and right usage of advanced tools. As seen in my last post about Cuckoo usage and configuration,it is actually complex and confusing at times,now what if one can use Cuckoo without doing anything like that..no installation,no configuration,no testing and bugging...one can directly use Cuckoo directly for a sample file analysis.As we realize the power online tools,its becomes actually easier for anyone to analyze a file’s behavior by simply uploading the file to the free on-line services for automated analysis and review the detailed and yet easy to understand report.This way not only the analyst gets a quick report and analysis but more importantly he gets a variety of reports which can be compared and analyzed further leading to expedited pace of understanding and clarity of the malware architecture and working.Here I list out my choices of best on-line file/malware analyzers that can be used for free with address and screenshots of sample usage....
2. ThreatExpert at http://www.threatexpert.com/submit.aspx
ThreatExpert is an advanced automated threat analysis system designed to analyze and report the behavior of computer viruses, worms, trojans, adware, spyware, and other security-related risks in a fully automated mode.In only a few minutes ThreatExpert can process a sample and generate a highly detailed threat report with the level of technical detail that matches or exceeds antivirus industry standards such as those normally found in online virus encyclopedias.
Wepawet is a free service, for non-commercial organizations, to detect and analyze web-based threats. It currently handles Flash, JavaScript, and PDF files.But the upload size of the file is limited to 2 Mb and below.
4. IObit Cloud at http://cloud.iobit.com/
IObit Cloud is an advanced automated threat analysis system. It uses the latest Cloud Computing technology and Heuristic Analyzing mechanic to analyze the behavior of spyware, adware, trojans, keyloggers, bots, worms, hijackers and other security-related risks in a fully automated mode
5. Comodo Instant Malware Analysis at http://camas.comodo.com/
Comodo Instant Malware Analysis is one of the easier to use and understand online sandbox service wherein no submission form is required nor an email address nor solving a CAPTCHA code. Simply browse the file that you want to analyze in Comodo sandbox, tick the box to agree with their terms and click the Upload file button. The file will then be analyzed in real time and the report page will continuously refresh by itself until the analysis has been completed.
6. ViCheck at https://vicheck.ca/
Vicheck.ca is an advanced malware detection engine designed to decrypt and extract malicious executables from common document formats such as MS Office Word, Powerpoint, Excel, Access, or Adobe PDF documents. ViCheck will detect the majority of embedded executables in documents as well as common exploits which download malware from the internet.ViCheck is a free service designed to help the public detect new sophisticated malware which is often difficult to detect with common commercial anti-virus programs.
7. Anubis at https://anubis.iseclab.org/
Anubis is another popular online service to analyze unknown Windows executable files. Four report formats (HTML, XML, PDF and Text) are available to download once the analysis has been complete.
8. GFI Threattrack at http://www.threattracksecurity.com/
GFI SandBox is meant for OEM or cloud providers and fortunately they’ve created a webpage that offers free analysis called ThreatTrack which uses their sandbox technology. ThreatTrack supports analyzing any Windows executable file, office documents, PDF files and even flash ads that is mostly not accepted by other online sandboxes.
9. Joe sandbox cloud at https://www.file-analyzer.net/
Joe Sandbox is the automated malware analysis system which implements any state of the art program analysis technology from coarse to fine grained including dynamic, static and hybrid. Joe Sandbox’s analysis spectrum enables to discover any behavior including hidden or obfuscated parts.
10. EUREKA:An Automated Malware Binary Analysis Service at http://eureka.cyber-ta.org/
Eureka is a binary static analysis preparation framework. It implements a novel binary unpacking strategy based on statistical bigram analysis and coarse-grained execution tracing. Eureka incorporates advanced API deobfuscation capabilities to facilitate the structural analysis of the underlying malware logic.
11. XecScan at http://scan.xecure-lab.com/
The Xecure Lab Scanner (XecScan) gives the security community and general public on-demand analysis of any suspicious document file where no installation or registration is required to enjoy the service. Though it’s free, XecScan is capable of finding advanced malware, zero-day, and targeted APT attacks embedded in common file formats.
12. Malwr at https://malwr.com/submission/ [Based on Cuckoo]
Malwr is a free malware analysis service and community launched in January 2011. One can submit files to it and receive the results of a complete dynamic analysis back.Malwr is operated by volunteer security professionals with the exclusive intent to help the community. It's not associated or influenced by any commercial or government organization of any sort.Malwr is mainly based on an open source malware analysis tool called Cuckoo Sandbox as explained in my last post at http://anupriti.blogspot.in/2015/09/cuckoo-sandboxautomatic-malware.html
In fact as you google,you will find thousands of links and websites offering free online malware analysis but one has to be careful too while submitting any file to such sites.......so happy analyzing for now.....
Comodo Instant Malware Analysis is one of the easier to use and understand online sandbox service wherein no submission form is required nor an email address nor solving a CAPTCHA code. Simply browse the file that you want to analyze in Comodo sandbox, tick the box to agree with their terms and click the Upload file button. The file will then be analyzed in real time and the report page will continuously refresh by itself until the analysis has been completed.
6. ViCheck at https://vicheck.ca/
Vicheck.ca is an advanced malware detection engine designed to decrypt and extract malicious executables from common document formats such as MS Office Word, Powerpoint, Excel, Access, or Adobe PDF documents. ViCheck will detect the majority of embedded executables in documents as well as common exploits which download malware from the internet.ViCheck is a free service designed to help the public detect new sophisticated malware which is often difficult to detect with common commercial anti-virus programs.
7. Anubis at https://anubis.iseclab.org/
Anubis is another popular online service to analyze unknown Windows executable files. Four report formats (HTML, XML, PDF and Text) are available to download once the analysis has been complete.
8. GFI Threattrack at http://www.threattracksecurity.com/
GFI SandBox is meant for OEM or cloud providers and fortunately they’ve created a webpage that offers free analysis called ThreatTrack which uses their sandbox technology. ThreatTrack supports analyzing any Windows executable file, office documents, PDF files and even flash ads that is mostly not accepted by other online sandboxes.
9. Joe sandbox cloud at https://www.file-analyzer.net/
Joe Sandbox is the automated malware analysis system which implements any state of the art program analysis technology from coarse to fine grained including dynamic, static and hybrid. Joe Sandbox’s analysis spectrum enables to discover any behavior including hidden or obfuscated parts.
10. EUREKA:An Automated Malware Binary Analysis Service at http://eureka.cyber-ta.org/
Eureka is a binary static analysis preparation framework. It implements a novel binary unpacking strategy based on statistical bigram analysis and coarse-grained execution tracing. Eureka incorporates advanced API deobfuscation capabilities to facilitate the structural analysis of the underlying malware logic.
11. XecScan at http://scan.xecure-lab.com/
The Xecure Lab Scanner (XecScan) gives the security community and general public on-demand analysis of any suspicious document file where no installation or registration is required to enjoy the service. Though it’s free, XecScan is capable of finding advanced malware, zero-day, and targeted APT attacks embedded in common file formats.
12. Malwr at https://malwr.com/submission/ [Based on Cuckoo]
Malwr is a free malware analysis service and community launched in January 2011. One can submit files to it and receive the results of a complete dynamic analysis back.Malwr is operated by volunteer security professionals with the exclusive intent to help the community. It's not associated or influenced by any commercial or government organization of any sort.Malwr is mainly based on an open source malware analysis tool called Cuckoo Sandbox as explained in my last post at http://anupriti.blogspot.in/2015/09/cuckoo-sandboxautomatic-malware.html
In fact as you google,you will find thousands of links and websites offering free online malware analysis but one has to be careful too while submitting any file to such sites.......so happy analyzing for now.....