Manalyzer is a free service which performs static analysis on PE executables to detect undesirable behavior.
Try it online, or check out the underlying software on GitHub!
Latest samples uploaded:
- 540147995d966c87dd562f6ef67c7ed1
- 10e4a1d2132ccb5c6759f038cdb6f3c9
- 3e5b191307609f7514148c6832bb0842
- 87fc36331657b3f6f1002d7a965df088
- a712b3a431a5b05afb257d39683be1b2
- b8b14ca4d271082785e5a35ec6d3828a
- 2867a3817c9245f7cf518524dfd18f28
- fcb653411442ca000f144651c8c80a1b
- dc57926b0aa518a3a884a8b7f7158e16
- 9146f21288ab749c4c729343f5f285a1
What's new?
- Tuesday July 18, 2017
- There is now a "discussion" tab you can use to exchange information on samples.
- A new plugin has been added to detect Bitcoin addresses in binaries! See this WannaCrypt sample for instance.
- The Linux authenticode plugin has received many improvements.
- I've written an extended blog post on Process Hollowing which describes how to use Manalyze's API. If you want to reuse the PE parser, be sure to read it!
- On unrelated news, I've been releasing pentesting scripts. I hope you find them useful!
- Wednesday June 8, 2016
- Executables can now be provided through URLs instead of direct file uploads. Only links to PE files are accepted (i.e. archives cannot be extracted and processed automatically).
- You can access the JSON report for any uploaded sample from the command line:
curl https://manalyzer.org/json/539f8f30c06967919b5d508198b70fbe. There are no restrictions for the time being. - Search engine links have been added after each hash.
- Saturday May 28, 2016
- Unicode strings contained in the StringTable are now extracted properly and displayed in the "Resources" tab.
RT_BITMAPresources are also previewed. This PE is a good example because it has lots of them. - You can see the 10 latest uploaded samples on this page. It's a bit crude at the moment, but it'll get better as soon as I have time to work on the search engine.
- Unicode strings contained in the StringTable are now extracted properly and displayed in the "Resources" tab.