Manalyzer is a free service which performs static analysis on PE executables to detect undesirable behavior.
Try it online, or check out the underlying software on GitHub!
Latest samples uploaded:
- 7d67ce19947d890dd2515d9ade051f2d
- bb7425b82141a1c0f7d60e5106676bb1
- 370ce5389f0ca29361e20222f47ca4ea
- f987f944d2b9a9d5d7886061b0d87120
- f34e7705751bb413283434697bf8e55d
- 7407342cd72aab4a293cfa8248c393f1
- 163fe0ab6b2d3f864b731ebbd4faa056
- 8090aa6400865b20d601ae2ee2eaf514
- 42d2bf6f6acc6e6db182023eb7917c70
- e262d873f11325ee180801e7b6f11535
What's new?
- Tuesday July 18, 2017
- There is now a "discussion" tab you can use to exchange information on samples.
- A new plugin has been added to detect Bitcoin addresses in binaries! See this WannaCrypt sample for instance.
- The Linux authenticode plugin has received many improvements.
- I've written an extended blog post on Process Hollowing which describes how to use Manalyze's API. If you want to reuse the PE parser, be sure to read it!
- On unrelated news, I've been releasing pentesting scripts. I hope you find them useful!
- Wednesday June 8, 2016
- Executables can now be provided through URLs instead of direct file uploads. Only links to PE files are accepted (i.e. archives cannot be extracted and processed automatically).
- You can access the JSON report for any uploaded sample from the command line:
curl https://manalyzer.org/json/539f8f30c06967919b5d508198b70fbe. There are no restrictions for the time being. - Search engine links have been added after each hash.
- Saturday May 28, 2016
- Unicode strings contained in the StringTable are now extracted properly and displayed in the "Resources" tab.
RT_BITMAPresources are also previewed. This PE is a good example because it has lots of them. - You can see the 10 latest uploaded samples on this page. It's a bit crude at the moment, but it'll get better as soon as I have time to work on the search engine.
- Unicode strings contained in the StringTable are now extracted properly and displayed in the "Resources" tab.