Manalyzer : free online malware analysis

Manalyzer is a free service which performs static analysis on PE executables to detect undesirable behavior.
Try it online, or check out the underlying software on GitHub!



Browse Submit


What's new?

  • Sunday February 21, 2021
    • Manalyze plugins run in separate threads, which drastically improves scan times!
    • This web portal has received significant updates. Uploaded files are added to a job queue, and job results are queried in AJAX.
    • The web API has been rewritten and is now totally unrestricted. The full documentation is available here.
  • Saturday September 29, 2018
    • Authenticode signatures are partially checked on Linux from now on! However, the certificate trust chain is not verified yet.
    • The list of known packer section names has been expanded.
    • The RICH header is now parsed, and its integrity is verified. The Olympic Destroyer wiper is a good example of how inconsistencies are reported. I have also written a blog post on the subject if you want to know more!
    • I have written a new plugin to look at the PE's overlay data (example: this sample from the FelixRoot campaign).
    • I've started listing Manalyze users on the project's GitHub page. Let me know if you would like to be added to the list!
  • Tuesday July 18, 2017
    • There is now a "discussion" tab you can use to exchange information on samples.
    • A new plugin has been added to detect Bitcoin addresses in binaries! See this WannaCrypt sample for instance.
    • The Linux authenticode plugin has received many improvements.
    • I've written an extended blog post on Process Hollowing which describes how to use Manalyze's API. If you want to reuse the PE parser, be sure to read it!
    • On unrelated news, I've been releasing pentesting scripts. I hope you find them useful!
<-- -->