Manalyzer is a free service which performs static analysis on PE executables to detect undesirable behavior.
Try it online, or check out the underlying software on GitHub!
Latest samples uploaded:
- c8404495c70d828891f600744e243a83
- 61450df46c20901306d1076ec2a4ed68
- 127aa81343a7c6f665c22cb1293b0a90
- ffe1d8a056314f74882553e579a701f3
- 84c82835a5d21bbcf75a61706d8ab549
- e6d8e767a407af85e3128741eeb1fae8
- d803f05ff3969a4c22b285f28ed57225
- 4e34bd2b2a6b864f9113dd008bb57063
- a92f13f3a1b3b39833d3cc336301b713
- 3b5d1420ae64bc4ec37f3b9fd443785c
What's new?
- Tuesday July 18, 2017
- There is now a "discussion" tab you can use to exchange information on samples.
- A new plugin has been added to detect Bitcoin addresses in binaries! See this WannaCrypt sample for instance.
- The Linux authenticode plugin has received many improvements.
- I've written an extended blog post on Process Hollowing which describes how to use Manalyze's API. If you want to reuse the PE parser, be sure to read it!
- On unrelated news, I've been releasing pentesting scripts. I hope you find them useful!
- Wednesday June 8, 2016
- Executables can now be provided through URLs instead of direct file uploads. Only links to PE files are accepted (i.e. archives cannot be extracted and processed automatically).
- You can access the JSON report for any uploaded sample from the command line:
curl https://manalyzer.org/json/539f8f30c06967919b5d508198b70fbe. There are no restrictions for the time being. - Search engine links have been added after each hash.
- Saturday May 28, 2016
- Unicode strings contained in the StringTable are now extracted properly and displayed in the "Resources" tab.
RT_BITMAPresources are also previewed. This PE is a good example because it has lots of them. - You can see the 10 latest uploaded samples on this page. It's a bit crude at the moment, but it'll get better as soon as I have time to work on the search engine.
- Unicode strings contained in the StringTable are now extracted properly and displayed in the "Resources" tab.