Manalyzer is a free service which performs static analysis on PE executables to detect undesirable behavior.
Try it online, or check out the underlying software on GitHub!
Latest samples uploaded:
- d7726239d2216a4c654fc7e77a6d4004
- dd537b1fe5e80d0e9e44cde818e283a4
- 072a7b7ee57647875bcbdd83ececa119
- ddd6959871f15c508c9368b38e11eb70
- d8fa17f5f121d5d5566ae6c678f337b8
- 0e4af704e2432d4c20344e3e958762eb
- 122f2baf938ce222f13a37a3c6c45a80
- 87d714f146cb099202937c30914661b0
- 7dd17081fb73d13df36e28ce13b0fc8c
- d5a96f84b239671f784b29ea998db236
What's new?
- Tuesday July 18, 2017
- There is now a "discussion" tab you can use to exchange information on samples.
- A new plugin has been added to detect Bitcoin addresses in binaries! See this WannaCrypt sample for instance.
- The Linux authenticode plugin has received many improvements.
- I've written an extended blog post on Process Hollowing which describes how to use Manalyze's API. If you want to reuse the PE parser, be sure to read it!
- On unrelated news, I've been releasing pentesting scripts. I hope you find them useful!
- Wednesday June 8, 2016
- Executables can now be provided through URLs instead of direct file uploads. Only links to PE files are accepted (i.e. archives cannot be extracted and processed automatically).
- You can access the JSON report for any uploaded sample from the command line:
curl https://manalyzer.org/json/539f8f30c06967919b5d508198b70fbe. There are no restrictions for the time being. - Search engine links have been added after each hash.
- Saturday May 28, 2016
- Unicode strings contained in the StringTable are now extracted properly and displayed in the "Resources" tab.
RT_BITMAPresources are also previewed. This PE is a good example because it has lots of them. - You can see the 10 latest uploaded samples on this page. It's a bit crude at the moment, but it'll get better as soon as I have time to work on the search engine.
- Unicode strings contained in the StringTable are now extracted properly and displayed in the "Resources" tab.