Manalyzer : free online malware analysis

Manalyzer is a free service which performs static analysis on PE executables to detect undesirable behavior.
Try it online, or check out the underlying software on GitHub!



Browse Submit


What's new?

  • Saturday September 29, 2018
    • The list of known packer section names has been expanded.
    • The RICH header is now parsed, and its integrity is verified. The Olympic Destroyer wiper is a good example of how inconsistencies are reported. I have also written a blog post on the subject if you want to know more!
    • I have written a new plugin to look at the PE's overlay data (example: this sample from the FelixRoot campaign).
    • I've started listing Manalyze users on the project's GitHub page. Let me know if you would like to be added to the list!
  • Tuesday July 18, 2017
    • There is now a "discussion" tab you can use to exchange information on samples.
    • A new plugin has been added to detect Bitcoin addresses in binaries! See this WannaCrypt sample for instance.
    • The Linux authenticode plugin has received many improvements.
    • I've written an extended blog post on Process Hollowing which describes how to use Manalyze's API. If you want to reuse the PE parser, be sure to read it!
    • On unrelated news, I've been releasing pentesting scripts. I hope you find them useful!
  • Wednesday June 8, 2016
    • Executables can now be provided through URLs instead of direct file uploads. Only links to PE files are accepted (i.e. archives cannot be extracted and processed automatically).
    • You can access the JSON report for any uploaded sample from the command line: curl https://manalyzer.org/json/539f8f30c06967919b5d508198b70fbe. There are no restrictions for the time being.
    • Search engine links have been added after each hash.