What's new?

• Sunday February 21, 2021
  • Manalyze plugins run in separate threads, which drastically improves scan times!
  • This web portal has received significant updates. Uploaded files are added to a job queue, and job results are queried in AJAX.
  • The web API has been rewritten and is now totally unrestricted. The full documentation is available here.
• Saturday September 29, 2018
  • Authenticode signatures are partially checked on Linux from now on! However, the certificate trust chain is not verified yet.
  • The list of known packer section names has been expanded.
  • The RICH header is now parsed, and its integrity is verified. The Olympic Destroyer wiper is a good example of how inconsistencies are reported. I have also written a blog post on the subject if you want to know more!
  • I have written a new plugin to look at the PE's overlay data (example: this sample from the FelixRoot campaign).
  • I've started listing Manalyze users on the project's GitHub page. Let me know if you would like to be added to the list!
• Tuesday July 18, 2017
  • There is now a "discussion" tab you can use to exchange information on samples.
  • A new plugin has been added to detect Bitcoin addresses in binaries! See this WannaCrypt sample for instance.
  • The Linux authenticode plugin has received many improvements.
  • I've written an extended blog post on Process Hollowing which describes how to use Manalyze's API. If you want to reuse the PE parser, be sure to read it!
  • On unrelated news, I've been releasing pentesting scripts. I hope you find them useful!