9 online tools for malware analysis
Nowadays, malware and emergent threats are part of our digital life. We must know or be aware of these kinds of threats so we don’t fall into the tentacles of cybercriminals. Below are nine tools that you can use to analyze malware.
Any.Run is a tool that allows users to play with malware in a secure environment. This interactive tool provides dynamic analysis and static analysis on Windows machines. It parses the events happening during the execution of one or more processes. The free community version is powerful, with many resources that either users or cyber experts can use.
Hatching Triage is a malware analysis sandbox developed for supporting cross-platforms such as Windows, Android, Linux and macOS. The tool is equipped with high-volume malware analysis capabilities and malware configuration extraction for dozens of malware families. It also provides a community version and can be used to extract information about emergent threats, including malware and suspicious URLs.
0xSI_f33d is a repository that compiles phishing and malware campaigns targeting internet end users. 0xSI_f33d aggregates phishing and malware campaigns, and as a result, an API for community integration is provided. This API can be integrated into several systems, including SIEMs, firewalls and so on. The tool also has a feature to search for specific URLs and domains and learn if the submitted artifact is then categorized as malicious.
VirusTotal is a free online service that analyzes files and URLs, making it possible to identify malicious content detectable by antivirus and website scanners. It is composed of a strong contribution from the cybersecurity community and provides a community API for integration. Cyber Intelligence and Hunting features are paid and available for enterprises or researchers.
CyberChef is a web application developed by GCHQ, also known as Cyber Swiss Army Knife. From the CyberChef Github page: “CyberChef is a simple, intuitive web app for carrying out all manner of “cyber” operations within a web browser." It can be utilized online or downloaded into a local machine.
Joe Sandbox is an online sandbox that detects and analyzes potential malicious files and URLs on Windows, Android, Mac OS, Linux and iOS for suspicious activities. This tool performs deep malware analysis and generates detailed reports in several formats. It provides a community version with many powerful features that help cyber experts and users with threat analysis.
Hybrid Analysis is a free malware analysis service that detects and analyzes unknown threats using a unique technology. Hybrid Analysis is a file analysis approach that combines runtime data with memory dump analysis to extract all possible execution pathways, even for the most evasive malware.
All data extracted from the Hybrid Analysis engine is processed automatically and integrated into the malware analysis reports. Users can search thousands of existing malware reports or download samples and IOCs (source).
Intezer automates security operations by simulating the complex decision-making process and threat analysis skills of experienced analysts. Intezer Analyze combines genetic code analysis with other fundamental techniques to automate the investigation of emerging threats with a user-friendly GUI and easy to use. It has a community version that can be used to investigate cyber threats, including malware and suspicious URLs.
URLscan is a simple and effective sandbox for websites. This tool allows to find and analyze malicious websites and phishing URLs. It provides different utilities for monitoring websites like health checks and screenshots.