What's new?

• Saturday September 29, 2018
  • Authenticode signatures are partially checked on Linux from now on! However, the certificate trust chain is not verified yet.
  • The list of known packer section names has been expanded.
  • The RICH header is now parsed, and its integrity is verified. The Olympic Destroyer wiper is a good example of how inconsistencies are reported. I have also written a blog post on the subject if you want to know more!
  • I have written a new plugin to look at the PE's overlay data (example: this sample from the FelixRoot campaign).
  • I've started listing Manalyze users on the project's GitHub page. Let me know if you would like to be added to the list!
• Tuesday July 18, 2017
  • There is now a "discussion" tab you can use to exchange information on samples.
  • A new plugin has been added to detect Bitcoin addresses in binaries! See this WannaCrypt sample for instance.
  • The Linux authenticode plugin has received many improvements.
  • I've written an extended blog post on Process Hollowing which describes how to use Manalyze's API. If you want to reuse the PE parser, be sure to read it!
  • On unrelated news, I've been releasing pentesting scripts. I hope you find them useful!
• Wednesday June 8, 2016
  • Executables can now be provided through URLs instead of direct file uploads. Only links to PE files are accepted (i.e. archives cannot be extracted and processed automatically).
  • You can access the JSON report for any uploaded sample from the command line: curl https://manalyzer.org/json/539f8f30c06967919b5d508198b70fbe. There are no restrictions for the time being.
  • Search engine links have been added after each hash.