30 Online Malware Analysis Sandboxes / Static Analyzers:

30 Online Malware Analysis Sandboxes / Static Analyzers:

Image for post

Update (June 28, 2018):

I compare results of sandboxes with a new TrickBot sample (SHA256:dd89e57513612ebcd917d6644b97a92fb074d5dab7da6bd7e5ac4bd93ba20219/, first submission: 2018?06?26 14:56:28)

Sandboxes that can detect the malware (ordered by name):

  • Anlyz https://sandbox.anlyz.ioResult: Malicious
  • Any.run https://app.any.runResult: Malicious Activity
  • Comodo Valkyrie (https://valkyrie.comodo.com)Result: Malware
  • Hybrid Analysis (Falcon Sandbox) (http://www.hybrid-analysis.com/)Result: Malicious (100/100)
  • Intezer Analyze https://www.intezer.comResult: Malicious
  • SecondWrite Malware Deepview https://www.secondwrite.comResult: Malicious
  • ViCheck https://vicheck.ca/ (static analysis)Result: Infected

Sandboxes that cannot detect the malware (ordered by name):

  • Jevereg (Amnpardaz Sandbox) http://jevereg.amnpardaz.com/Result: File could not be analyzed
  • IObit Cloud http://cloud.iobit.comResult: Safe

Discontinued / Down sandboxes:

  • Anubis http://anubis.iseclab.org/ (discontinued)
  • BinaryGuard (TBM Cloud Sandbox) http://www.binaryguard.comTried to register, but its website does not work.
  • BitBlaze http://bitblaze.cs.berkeley.edu/(discontinued)
  • Comodo Instant Malware Analysis http://camas.comodo.com/ (discontinued)
  • Deepviz (https://sandbox.deepviz.com/) (services cannot be subscribed anymore)
  • Eureka http://eureka.cyber-ta.org/(discontinued)
  • Malwr (Cuckoo Sandbox) (http://malwr.com/) (down)
  • ThreatExpert Automated Threat Analysis (redirects to symantec.com) (http://www.threatexpert.com/)
  • Viper https://viper.malwareconfig.com/ (down)

Trial requested:

  • ThreatTrack ThreatAnalyzer https://www.threattrack.com/malware-analysis.aspx
  • VMRay Analyzer https://www.vmray.com

Static File Analyzers:

I tested following static file analyzers with an RTF document that exploits an Adobe Flash vulnerability CVE-2016?4117

  • Malware Tacker Cryptam Document Scanner (http://www.malwaretracker.com/doc.php)Supported file types: Office files.Result: Malware
  • ViCheck https://vicheck.ca/Result: It detect the file as an Office malware, but identified with wrong CVE.
  • XecScan (http://scan.xecure-lab.com/)Supported file types: PDF and Office files.Result: It cannot analyse the malware with the following message: ?Sorry, Invalid file size!?
  • MASTIFF Online (https://mastiff-online.korelogic.com)Result: It cannot detect the malware.
  • Malware Tracker PDF Examiner (http://www.malwaretracker.com/pdf.php)Supported file types: PDF files.

Android Sandboxes / Analyzers:

  • Akana http://akana.mobiseclab.org
  • AndroTotal https://andrototal.org
  • SandDroid http://sanddroid.xjtu.edu.cn
  • Nviso https://apkscan.nviso.be/

Linux Sandboxes:

  • Detux Multiplatform Linux Sandbox http://detux.org/

Sleyman zarslan (Picus Security http://picussecurity.com)Twitter: su13ym4n E-mail: suleyman at picussecurity com

23