Manalyzer is a free service which performs static analysis on PE executables to detect undesirable behavior.
Try it online, or check out the underlying software on GitHub!
Manalyze plugins run in separate threads, which drastically improves scan times!
This web portal has received significant updates. Uploaded files are added to a job queue, and job results are queried in AJAX.
The web API has been rewritten and is now totally unrestricted. The full documentation is available here.
Saturday September 29, 2018
Authenticode signatures are partially checked on Linux from now on! However, the certificate trust chain is not verified yet.
The list of known packer section names has been expanded.
The RICH header is now parsed, and its integrity is verified. The Olympic Destroyer wiper is a good example of how inconsistencies are reported. I have also written a
blog post on the subject if you want to know more!
I have written a new plugin to look at the PE's overlay data (example: this sample from the FelixRoot campaign).
I've started listing Manalyze users on the project's GitHub page. Let me know if you would like to be added to the list!
Tuesday July 18, 2017
There is now a "discussion" tab you can use to exchange information on samples.
A new plugin has been added to detect Bitcoin addresses in binaries! See this WannaCrypt sample for instance.
I've written an extended blog post on Process Hollowing which describes how to use Manalyze's API. If you want to reuse the PE parser, be sure to read it!
On unrelated news, I've been releasing pentesting scripts. I hope you find them useful!