Malware Analysis
On Thursday, 24 Nov 2011, in the topic 'Malware Search'
Malbox is an online service for malware analysis. Submit your Windows executable (*.exe) or compressed archive (*.zip).
http://malbox.xjtu.edu.cn/
Anubis is a service for analyzing malware.
Submit your Windows executable and receive an analysis report telling you what it does. Alternatively, submit a suspicious URL and receive a report that shows you all the activities of the Internet Explorer process when visiting this URL.
http://anubis.iseclab.org/
The netscty malware analysis tool is a "sandbox" used for testing suspicious software (binaries) in a controlled environment. Wikipedia describes a sandbox as "a security mechanism for separating running programs. Some sandboxes are used to execute untested code, or untrusted programs from unverified third parties, suppliers and untrusted users."
Supported file extensions for upload:
http://www.netscty.com/Services/Sandbox
Wepawet is a framework for the analysis of web-based threats.
Wepawet is able to determine if visiting a web page would lead to an attempt to compromise the visitor's environment.
http://wepawet.iseclab.org/index.php
Eureka is a binary static analysis preparation framework. It implements a novel binary unpacking strategy based on statistical bigram analysis and coarse-grained execution tracing. Eureka incorporates advanced API deobfuscation capabilities to facilitate the structural analysis of the underlying malware logic. For each uploaded binary, the Eureka service will attempt to unpack and (for Eureka I, disassemble; for Eureka II (not yet available), decompile) the binary, and will produce an annotated callgraph, subroutine/data index page, strings summary, and a list of embedded DNS entries.
http://eureka.cyber-ta.org/
PDF X-RAY is a PDF scanner that tries to classify whether a suspicious PDF is malicious or not. It does this using a number of different data sources, statistical analysis and comparisons with collected malware samples based on months of research. PDF X-RAY provides more detailed results than a traditional anti-virus because it compares the uploaded sample to other known malicious documents.
https://www.pdfxray.com/
JSUNPACK
A Generic JavaScript Unpacker
Upload a PDF, pcap, HTML, or JavaScript file
http://jsunpack.jeek.org/dec/go
HTTP Web-Sniffer 1.0.37
View HTTP Request and Response Header
http://web-sniffer.net/
GFI Sandbox™ (formerly CWSandbox) is an industry-leading dynamic malware analysis tool. It gives you the power to analyze virtually any Windows application or file, including infected Office documents, PDFs, malicious URLs and Flash ads.
Once you submit your sample below we will email you an executive level PDF and an XML report containing all the behavior information gathered during analysis.
http://www.threattrack.com/
COMODO
If you have a suspicious file, please submit it online by using the form below. Once the file is submitted, COMODO Automated Analysis System will scan it and report back its findings.
http://camas.comodo.com/
MWAnalysis
You may also use our mail submission feature. To use this service, please send an email to mwsubmit@mwanalysis.org and attach a ZIP file containing the files you want to analyse. The ZIP file can be password-protected using the password 'infected'. The links to the corresponding reports will be sent to the sender's e-mail address.
ZIP packed files can also be submitted, if the password is 'infected'. A maximum of 50 files per ZIP is allowed.
http://mwanalysis.org/?site=1&page=submit
ThreatExpert Free Online File Scanner
If you have a suspicious file, please submit it online by using the form below. Once the file is submitted, ThreatExpert will scan it and report back its findings.
http://www.threatexpert.com/filescan.aspx
malware tracker
PDF Examiner
View PDF objects as hex/text, PDF dissector and inspector, scan for known exploits (CVE-2007-5659, CVE-2009-0927, CVE-2008-2992, CVE-2009-4324, CVE-2009-3954, CVE-2009-3953, CVE-2009-3959, CVE-2009-1493, CVE-2010-0188, CVE-2010-1297, CVE-2010-2883, CVE-2010-3654, CVE-2010-4091, CVE-2011-0609, CVE-2011-0611 and embedded /Action commands), process PDF compression (FlateDecode, ASCIIHexDecode, LZWDecode, ASCII85Decode, RunLengthDecode), encryption (40+128 bit RC4, 128 bit AESV2), and obfuscation (unicode, Hex, fromCharCode)
http://www.malwaretracker.com/pdf.php
malware tracker
Shellcode Analysis
Unpack and analyze shellcode. Paste hex of shellcode.
http://www.malwaretracker.com/shellcode.php
Exe_Dump_Utility
See what's inside an EXE file or DLL
http://utilitymill.com/utility/Exe_Dump_Utility
Shellcode 2 EXE
See what's inside an EXE file
http://sandsprite.com/shellcode_2_exe.php
NSI Sandbox
Our malware analysis sandbox tool performs cutting-edge analysis of the potentially malicious file in our controlled environment. Our free online malicious software (malware) analysis tool provides a fast, comprehensive evaluation of a variety of malware such as botnet software, viruses, spyware, trojans, and keyloggers. Once you upload your potential malware sample to be analyzed, a custom report will be generated for you. Upon completion of the analysis, an e-mail will be sent back to you with the report in PDF format. The report will outline the activity generated and observed once the file is executed within our controlled environment.
Ether
Malware Analysis via Hardware Virtualization Extensions
http://ether.gtisc.gatech.edu/web_unpack
viCHECK
We can accept any type of file including executables, documents, spreadsheets, presentations, compiled help files, database packages, PDF, images, emails, or archives. You can also submit a file from a remote web address.
https://www.vicheck.ca/
Xandora
Your Online Binary Analyzer
http://www.xandora.net/upload/
Norman SandBox
http://www.norman.com/security_center/security_tools/
GFI Sandbox
http://www.threattrack.com/
Zulu URL Risk Analyzer
Zulu is a dynamic risk scoring engine for web based content. For a given URL, Zulu will retrieve the content and apply a variety of checks in three different categories:
Content Checks – Inspection of page content to identify potentially malicious code in a variety of categories
URL Checks – Inspection of the full URL to identify malicious patterns and check the URL/FQDN/TLD against third party and Zscaler block lists
Host Checks – IP, DNS and netblock reputation checks
http://zulu.zscaler.com/