MultiAV
- VirusTotal: Analyze suspicious files and URLs to detect types of malware, automatically share them with the security community
- VirScan: Free virus scan is a free online scan service, utilizing various anti-virus programs to diagnose single files.
- Jotti: Jotti’s malware scan is a free service that lets you scan suspicious files with several anti-virus programs.
- AntiScan: Online malware scanner without result distribution.
Online Sandbox
- Joe Sandbox: Joe Sandbox detects and analyzes potential malicious files and URLs on Windows, Android, Mac OS, Linux, and iOS for suspicious activities. It performs deep malware analysis and generates comprehensive and detailed analysis reports.
- Falcon Sandbox: This is a free malware analysis service for the community that detects and analyzes unknown threats using a unique Hybrid Analysis technology.
- Any.Run: Cloud-based malware analysis service. Take your information security to the next level. Analyze suspicious and malicious activities using our innovative tools.
- Reverss: Malware analysis platform
- Intezer Analyze: Malware analysis platform
- Valkyrie: Valkyrie is a file verdict system. Different from traditional signature based malware detection techniques Valkyrie conducts several analysis using run-time behavior and hundreds of features from a file and based on analysis results can warn users against malware undetected by classic Anti-Virus products.
- Amnpardaz: Jevereg analyses the behavior of potential malicious executables. It’s built on top of Amnpardaz Sandbox.
- IObit Cloud: IObit Cloud is an advanced automated threat analysis system.
- IRIS-H Digital Forensics: IRIS-H is an online digital forensics tool that performs automated static analysis of files stored in a directory-based or strictly structured formats.
- SndBox: Malware analysis platform
- InQuest Labs: The InQuest platform provides high-throughput Deep File Inspection (DFI) for threat and data leakage prevention, detection, and hunting.
- Hatching Triage: Hatching Triage is our state-of-the-art malware analysis sandbox designed for cross-platform support (Windows, Android, Linux, and macOS), high-volume malware analysis capabilities, and malware configuration extraction for dozens of malware families.
- Maltiverse: Malware analysis platform
- MetaDefender Cloud: Simply submit suspicious files to MetaDefender Cloud for analysis. A comprehensive report is created to inform you about the contents of the file.
- Microsoft Security Intelligence: Microsoft security researchers analyze suspicious files to determine if they are threats, unwanted applications, or normal files. Submit files you think are malware or files that you believe have been incorrectly classified as malware.
Local deployment Sandbox
- CAPEv2 Sandbox: CAPE is a malware sandbox. It was derived from Cuckoo with the goal of adding automated malware unpacking and config extraction
- Cuckoo Sandbox: Cuckoo Sandbox is an automated dynamic malware analysis system
- LiSa Sandbox: Linux Sandbox
- DrakVuf Sandbox: Automated hypervisor-level malware analysis system
- AMIRA: Automated Malware Incident Response & Analysis
- Android Malware Sandbox: Android Malware Sandbox
Malware samples
- Malquarium: Providing security researchers and other curious people access to malware samples.
- VirusBay: VirusBay is a web-based, collaboration platform that connects security operations center (SOC) professionals with relevant malware researchers.
- MalwareBazaar: MalwareBazaar is a project from abuse.ch with the goal of sharing malware samples with the infosec community, AV vendors and threat intelligence providers.
- TheZoo Malware: theZoo is a project created to make the possibility of malware analysis open and available to the public.
- Any.Run public sample: Any.Run public sample
- Cape Sandbox samples: Cape Sandbox Sample
- das malwerk: DAS MALWERK // malware samples
- Exploit Database - Exploit and shellcode samples.
- Infosec - CERT-PA - Malware samples collection and analysis.
- InQuest Labs - Evergrowing searchable corpus of malicious Microsoft documents.
- Tracker h3x - Agregator for malware corpus tracker and malicious download sites.
- Cryptam - Analyze suspicious office documents.
URL Investigation
- URLhaus: URLhaus is a project from abuse.ch with the goal of sharing malicious URLs that are being used for malware distribution.
- AbuseIPDB: Provides reputation data about the IP address or hostname
- Auth0 Signals: Checks IP address reputation; supports API
- BrightCloud URL/IP Lookup: Presents historical reputation data about the website
- CheckPhish: Checks whether the URL is a fraudulent site
- Desenmascara.me: Flags websites suspected of selling counterfeit products
- Email Blocklist Checker: Checks the domain name or IP address against email blocklists.
- FortiGuard lookup: Displays the URL’s history and category
- Google Safe Browsing: Look up the website’s current status
- hashdd: Provides historical data about IPs, URLs, etc.
- IBM X-Force Exchange: Provides historical data about IPs, URLs, etc.
- Joe Sandbox URL Analyzer: Examines the URL in real time
- Is It Hacked: Performs several checks in real time and consults some blacklists
- IsItPhishing: Assesses the specified URL in real-time
- Kaspersky Threat Intel Portal: Looks up the IP, URL, or domain in a blacklist
- Norton Safe Web: Presents historical reputation data about the website
- Palo Alto Networks URL Filtering: Looks up the URL in a blacklist
- PhishTank: Looks up the URL in its database of known phishing websites
- Malware Domain List: Looks up recently-reported malicious websites
- MalwareURL: Looks up the URL in its historical list of malicious websites
- McAfee TrustedSource: Presents historical reputation data about the website
- MxToolbox: Queries multiple reputational sources for information about the IP or domain
- Open Threat Exchange: Presents diverse threat intelligence data from AlienVault
- PassiveTotal: Presents passive DNS and other threat intelligence data
- Pulsedive: Presents historical data and queries for additional information
- Quttera ThreatSign: Scans the specified URL for the presence of malware
- Reputation Authority: Shows reputational data on specified domain or IP address
- Scamadviser: Checks whether the website is likely a shopping scam
- SecurityTrails: Provides current and historical domain or system data
- Sucuri SiteCheck: Scans the URL for malware in real-time and looks it up in several blacklists
- Talos Reputation Lookup: Presents historical reputation data about the website
- Trend Micro Site Safety Center: Presents historical reputation data about the website
- Unmask Parasites: Looks up the URL in the Google Safe Browsing database
- urlscan.io: Examines the URL in real time and displays the requests it issues to render the page
- URLVoid and IPVoid: Looks up the URL or IP in several blacklisting services
- VirusTotal: Looks up the URL in several databases of malicious sites
- ThreatMiner: Presents diverse threat intelligence data
- WebPulse Site Review: Looks up the website in BlueCoat’s database
- Zscaler Zulu URL Risk Analyzer: Examines the URL using real-time and historical techniques
- zveloLive: Looks up the website in its database of categories