Manalyzer is a free service which performs static analysis on PE executables to detect undesirable behavior.
Try it online, or check out the underlying software on GitHub!
Authenticode signatures are partially checked on Linux from now on! However, the certificate trust chain is not verified yet.
The list of known packer section names has been expanded.
The RICH header is now parsed, and its integrity is verified. The Olympic Destroyer wiper is a good example of how inconsistencies are reported. I have also written a blog post on the subject if you want to know more!
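To make the "integrity is verified" part concrete, here is an added example (my own illustration, not Manalyze's parser) that locates the Rich header in a PE file, decodes the XORed product/count pairs and recomputes the checksum that the linker stores as the XOR key. A mismatch between the stored key and the recomputed value is exactly the kind of inconsistency an analyst wants flagged, since it means the DOS stub or the Rich entries were modified after linking. The sample PE bytes, product ids and counts below are constructed for the example.

```python
import struct

# Added example (not Manalyze code): parse a PE Rich header and recheck its key.
# The sample bytes built by build_sample() are constructed here; the product ids
# and counts in ENTRIES are made up and do not correspond to real tool ids.

DANS = struct.unpack("<I", b"DanS")[0]  # 0x536E6144, marks the header start


def rol32(value, n):
    """Rotate a 32-bit value left by n bits (n is taken modulo 32)."""
    n %= 32
    return ((value << n) | (value >> (32 - n))) & 0xFFFFFFFF


def rich_checksum(pre_rich, entries):
    """Checksum over the bytes preceding the Rich header (DOS header + stub)
    plus the (comp_id, count) pairs. The e_lfanew field (0x3C-0x3F) is
    skipped because the linker fills it in after computing the checksum."""
    checksum = len(pre_rich)  # seeded with the offset of the Rich header
    for i, byte in enumerate(pre_rich):
        if 0x3C <= i < 0x40:
            continue
        checksum = (checksum + rol32(byte, i)) & 0xFFFFFFFF
    for comp_id, count in entries:
        checksum = (checksum + rol32(comp_id, count)) & 0xFFFFFFFF
    return checksum


def parse_rich_header(data):
    """Return offset, key, decoded entries and whether the stored key matches
    the recomputed checksum; None if no Rich header is present."""
    if len(data) < 0x40:
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew > len(data):
        return None
    rich_pos = data.rfind(b"Rich", 0, e_lfanew)
    if rich_pos < 0 or rich_pos + 8 > e_lfanew:
        return None
    key = struct.unpack_from("<I", data, rich_pos + 4)[0]
    # The header starts with "DanS" XORed with the same key.
    start = data.rfind(struct.pack("<I", DANS ^ key), 0, rich_pos)
    if start < 0 or (rich_pos - start) % 4:
        return None
    words = [struct.unpack_from("<I", data, off)[0] ^ key
             for off in range(start, rich_pos, 4)]
    # words[0] is DanS, words[1:4] are padding, then (comp_id, count) pairs.
    entries = [(words[i], words[i + 1]) for i in range(4, len(words) - 1, 2)]
    expected = rich_checksum(data[:start], entries)
    return {"offset": start, "key": key, "entries": entries,
            "checksum_ok": expected == key}


def build_sample(entries):
    """Construct a minimal DOS header, empty stub, Rich header and PE signature."""
    dos = bytearray(b"MZ" + b"\x00" * 0x7E)  # 0x80 bytes
    words = [DANS, 0, 0, 0] + [w for pair in entries for w in pair]
    e_lfanew = len(dos) + 4 * len(words) + 8  # "Rich" + key follow the words
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    key = rich_checksum(bytes(dos), entries)
    rich = b"".join(struct.pack("<I", w ^ key) for w in words)
    rich += b"Rich" + struct.pack("<I", key)
    return bytes(dos) + rich + b"PE\x00\x00"


# Constructed values: high 16 bits would be the product id, low 16 the build.
ENTRIES = [(0x00837809, 12), (0x00947809, 3)]
SAMPLE = build_sample(ENTRIES)

# Tampering with the DOS stub after linking breaks the checksum.
_t = bytearray(SAMPLE)
_t[0x50] = 0x41
TAMPERED = bytes(_t)

if __name__ == "__main__":
    for name, blob in (("clean", SAMPLE), ("tampered", TAMPERED)):
        info = parse_rich_header(blob)
        print(name, hex(info["key"]), info["entries"], "ok" if info["checksum_ok"] else "MISMATCH")
```

The checksum is seeded with the header's file offset, accumulates every byte before the header rotated by its own position, then adds each product id rotated by its use count; a header that was relocated, whose stub was patched, or whose entries were edited therefore no longer matches its key, which is the signal a report should surface.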
I have written a new plugin to look at the PE's overlay data (example: this sample from the FelixRoot campaign).
I've started listing Manalyze users on the project's GitHub page. Let me know if you would like to be added to the list!
Tuesday July 18, 2017
There is now a "discussion" tab you can use to exchange information on samples.
A new plugin has been added to detect Bitcoin addresses in binaries! See this WannaCrypt sample for instance.
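As an added example of what such a detector has to do (my own code, not the Manalyze plugin): a base58 pattern match alone produces many false positives in a binary, so candidates should also pass the Base58Check test, which decodes the string, checks the version byte and compares the trailing four bytes against a double SHA-256 of the payload. The addresses and the surrounding buffer below are constructed for the example; the hash160 values are arbitrary bytes, not real keys.

```python
import hashlib
import re

# Added example (not Manalyze code): find Bitcoin addresses in a byte buffer
# and keep only those whose Base58Check checksum verifies.

ALPHABET = b"123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
VERSIONS = {0x00, 0x05}  # P2PKH ("1...") and P2SH ("3...") mainnet prefixes


def b58encode(raw):
    n = int.from_bytes(raw, "big")
    digits = bytearray()
    while n:
        n, r = divmod(n, 58)
        digits.append(ALPHABET[r])
    pad = len(raw) - len(raw.lstrip(b"\x00"))  # each leading 0x00 becomes "1"
    return (ALPHABET[:1] * pad + bytes(reversed(digits))).decode()


def b58decode(text):
    n = 0
    for ch in text.encode():
        n = n * 58 + ALPHABET.index(ch)  # ValueError on a non-base58 character
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    pad = len(text) - len(text.lstrip("1"))
    return b"\x00" * pad + raw


def make_address(version, hash160):
    """Base58Check-encode a version byte plus 20-byte hash (used to build samples)."""
    payload = bytes([version]) + hash160
    check = hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
    return b58encode(payload + check)


def is_valid_address(text):
    """True if text is a well-formed mainnet address with a correct checksum."""
    try:
        raw = b58decode(text)
    except ValueError:
        return False
    if len(raw) != 25 or raw[0] not in VERSIONS:
        return False
    expected = hashlib.sha256(hashlib.sha256(raw[:21]).digest()).digest()[:4]
    return raw[21:] == expected


# Candidate: 26-35 base58 characters starting with 1 or 3, not embedded in a
# longer base58 run (which would otherwise hide or truncate the match).
ADDR_RE = re.compile(
    rb"(?<![1-9A-HJ-NP-Za-km-z])[13][1-9A-HJ-NP-Za-km-z]{25,34}(?![1-9A-HJ-NP-Za-km-z])"
)


def find_addresses(blob):
    """Return the sorted set of checksum-valid addresses found in blob."""
    found = set()
    for m in ADDR_RE.findall(blob):
        text = m.decode()
        if is_valid_address(text):
            found.add(text)
    return sorted(found)


# Constructed sample data: two valid addresses (arbitrary hash160 bytes), one
# corrupted copy, and some filler resembling strings pulled from a binary.
ADDR_A = make_address(0x00, bytes(range(20)))
ADDR_B = make_address(0x05, hashlib.sha256(b"constructed").digest()[:20])
CORRUPT = ADDR_A[:-1] + ("1" if ADDR_A[-1] != "1" else "2")
BLOB = (b"MZ\x90\x00" + b"Send 0.5 BTC to " + ADDR_A.encode() + b"\x00"
        + b"kernel32.dll\x00" + ADDR_B.encode() + b"\x00"
        + CORRUPT.encode() + b"\x00" + b"1" + b"z" * 33 + b"\x00")

if __name__ == "__main__":
    for addr in find_addresses(BLOB):
        print("valid address found:", addr)
```

Scanning `BLOB` returns only `ADDR_A` and `ADDR_B`: the corrupted copy and the decoy base58 run match the regular expression but fail the checksum, which is why a report based on the pattern alone would overstate what the binary contains.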
I've written an extended blog post on Process Hollowing which describes how to use Manalyze's API. If you want to reuse the PE parser, be sure to read it!
In unrelated news, I've been releasing pentesting scripts. I hope you find them useful!
Wednesday June 8, 2016
Executables can now be provided through URLs instead of direct file uploads. Only links to PE files are accepted (i.e. archives cannot be extracted and processed automatically).
You can access the JSON report for any uploaded sample from the command line: curl https://manalyzer.org/json/539f8f30c06967919b5d508198b70fbe. There are no restrictions for the time being.
Search engine links have been added after each hash.