Manalyzer is a free service which performs static analysis on PE executables to detect undesirable behavior.
Try it online, or check out the underlying software on GitHub!
Latest samples uploaded:
- b110212c352d3b7820ef3fabc0ebba47
- 84c82835a5d21bbcf75a61706d8ab549
- d5dcd28612f4d6ffca0cfeaefd606bcf
- 795137104d97da1bf4282fd6979bb38d
- a6d4bdb02430586bada8fce9fc6be852
- 9226b9a9fb04434df44abca0c4bf531f
- e0396a7836db14af4ced30177ae3b91a
- 5031998d7a577cab275491ea50176180
- 92818764a320ca57d8656d5700ffd281
- d34ba729405c1006ec53b8f909482230
What's new?
- Tuesday July 18, 2017
- There is now a "discussion" tab you can use to exchange information on samples.
- A new plugin has been added to detect Bitcoin addresses in binaries! See this WannaCrypt sample for instance.
- The Linux authenticode plugin has received many improvements.
- I've written an extended blog post on Process Hollowing which describes how to use Manalyze's API. If you want to reuse the PE parser, be sure to read it!
- On unrelated news, I've been releasing pentesting scripts. I hope you find them useful!
- Wednesday June 8, 2016
- Executables can now be provided through URLs instead of direct file uploads. Only links to PE files are accepted (i.e. archives cannot be extracted and processed automatically).
- You can access the JSON report for any uploaded sample from the command line:
curl https://manalyzer.org/json/539f8f30c06967919b5d508198b70fbe. There are no restrictions for the time being. - Search engine links have been added after each hash.
- Saturday May 28, 2016
- Unicode strings contained in the StringTable are now extracted properly and displayed in the "Resources" tab.
RT_BITMAPresources are also previewed. This PE is a good example because it has lots of them. - You can see the 10 latest uploaded samples on this page. It's a bit crude at the moment, but it'll get better as soon as I have time to work on the search engine.
- Unicode strings contained in the StringTable are now extracted properly and displayed in the "Resources" tab.