21 Free Malware Analysis Tools
Check your files for viruses for free and protect your computer from malware threats using these alternatives to VirusTotal. Scan websites with these malware analysis services.
Photo : © Yuri Samoilov
What is malware?
Malware is software whose only intention is to cause damage to other computers. The damage it can cause may be:
Delete or encrypt the PC contents. It can even blackmail the user to recover the lost data.
Create backdoors used by unauthorized people to access the information in your computer or your company.
Show unsolicited ads.
Use your computer to carry out coordinated attacks on the Internet.
Spy, steal or blackmail the user.
Change the web browser configuration to use a different search engine or to show popup windows with ads.
Deceive the user by showing a fake problem in the computer and asking for money to fix it.
There are several types of malware. Some of them are:
Virus : Piece of code included in another program capable of infecting other programs. It requires user intervention to be executed.
Worm : Independent program capable of spreading itself over the network.
Trojan : A program that appears to be benign but damages the computer where it’s running.
Spyware : Program installed without the user's consent that spies on his/her actions and causes damage.
What’s used to detect malware?
The programs used to protect computers from malware are called “antivirus” or “antimalware”. They are usually installed locally to detect the malware before the infection spreads to other files.
They can also be installed on file servers, email servers, etc. On other occasions they are available as web pages that scan or analyze files, like the web pages listed in this article.
How can malware be detected?
The 3 main malware detection methods are :
Pattern detection : It compares “signatures”, “hashes” or part of the file contents with known malware.
Behavior analysis : It checks that the file behavior is not suspicious when it’s running.
Heuristic analysis : This method analyzes the file’s system calls, instructions and execution flow, comparing them with known malware.
Malware detection effectiveness
The pattern comparison method is very safe and it’s the most used method but in some cases the malware encrypts itself or changes its own code to avoid detection.
The other methods were created for that reason but they use more system resources and they’re not as reliable.
It’s very common for antivirus programs that use heuristic methods to give “false positives”, that is, benign software marked as a threat.
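Pattern detection and the limit described above, as an added Python example that is not part of the original article. The sample bytes, the signature name Demo.Marker.A and the function names are constructed for illustration.

```python
import hashlib

# Constructed, harmless byte strings standing in for file contents.
KNOWN_SAMPLE = b"HEADER" + b"\x90\x90DEMO-MARKER\x01\x02" + b"original padding"

# Pattern database (constructed): exact file hashes plus byte signatures.
KNOWN_HASHES = {hashlib.sha256(KNOWN_SAMPLE).hexdigest()}
SIGNATURES = {
    # None is a wildcard that matches any single byte.
    "Demo.Marker.A": [0x90, 0x90, *b"DEMO-MARKER", None, 0x02],
}


def hash_match(data: bytes) -> bool:
    """Exact match: any change to the file changes the SHA-256 digest."""
    return hashlib.sha256(data).hexdigest() in KNOWN_HASHES


def signature_match(data: bytes):
    """Return the name of the first byte signature found anywhere in data."""
    for name, pattern in SIGNATURES.items():
        for offset in range(len(data) - len(pattern) + 1):
            window = data[offset:offset + len(pattern)]
            if all(p is None or p == b for p, b in zip(pattern, window)):
                return name
    return None


def scan(data: bytes) -> str:
    """Report which pattern-detection check flagged the data, if any."""
    if hash_match(data):
        return "hash"
    name = signature_match(data)
    return f"signature:{name}" if name else "clean"


# Same core bytes, different padding: the hash no longer matches.
REPADDED = KNOWN_SAMPLE.replace(b"original padding", b"other padding")
# Every byte transformed, standing in for the self-encrypting case.
TRANSFORMED = bytes(b ^ 0x5A for b in KNOWN_SAMPLE)

if __name__ == "__main__":
    for label, data in [("known", KNOWN_SAMPLE), ("repadded", REPADDED),
                        ("transformed", TRANSFORMED)]:
        print(f"{label:12} -> {scan(data)}")
```

The transformed copy is reported as clean by both checks, which is the gap that behavior and heuristic analysis are meant to cover.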
Available malware protection
According to the AV-Test security institute, 250,000 new malicious programs are detected every day and according to the data given by Kaspersky, one of the biggest antivirus vendors, 323,000 new malware samples are found each day.
Kaspersky also states that the amount of new malware appearing every day implies that only the biggest antivirus vendors have the necessary resources to give a protection level near 100%.
This means that no antivirus software detects 100% of the threats and you need some extra safety tools to maximize your protection level.
Among the additional protection methods are :
User education to identify phishing attacks.
Use antivirus software in file servers and email servers.
Use the online malware file analyzers shown in this article.
Photo : © Christiaan Colen
Online Malware File Analyzers
These web pages receive suspicious files or URLs and they are analyzed with one or more antivirus programs.
To interpret the results you have to consider the following :
The antivirus programs used by these web pages must be updated.
The heuristic detection methods aren’t as reliable as the other methods.
Some antivirus vendors don’t have enough resources to detect the latest threats.
Some antivirus programs may use an overzealous scanning method that shows too many false positives to give the user a false sense of security.
This is the list of the free file analysis services, in alphabetical order :
Anlyz.io can analyze executables, URLs and PCAP files. It also shows statistical data about found infections and the affected countries.
You can send the samples anonymously or logged in with Google to scan them privately.
Malware.lu is a brand of ITrust consulting, from Luxembourg. It has a malware analysis engine called AVCaesar. The submitted files are analyzed with 10 different antivirus programs and you can check the results in a matter of minutes.
Cryptam is a malware analysis service for Microsoft Office documents offered by a Canadian company called TyLabs. It can analyze the documents privately and the results can be sent by email. It has a maximum file size of 12Mb approximately.
Cuckoo is an open source malware analysis engine that accepts multiple file types, URLs and hashes.
Dr.Web is an antivirus software vendor that includes a malware analysis service in their website to scan files and URLs. The results are shown in seconds and the website is available in 9 languages.
FortiGuard Labs is a part of FortiNet, an American corporation dedicated to network security products which also has a malware analysis service in their website.
One of the many web applications available at Gary’s Hood is a virus scanner. It uses 3 antivirus and you can scan URLs or submit files smaller than 40Mb. The files are deleted from the server after the analysis.
Hybrid Analysis is a free malware analysis service offered by a German company called Payload Analysis where you can scan URLs or submit files smaller than 100Mb. This company has the same service at https://www.reverse.it/
IOBit is a software vendor with several system utilities, security software and a free online malware analysis service called IOBit Cloud.
Joe Sandbox Cloud is a malware analysis service that allows you to scan files up to 100Mb or URLs. The free version is limited to 30 scans/month and 5 scans/day, and the results are publicly available.
Jotti offers a free malware analysis service available in 11 languages that uses 18 antivirus. They share the submitted files with anti-malware companies.
Malwr is an independent malware analysis service operated by volunteer security professionals to help the community. The submitted files are not shared outside and they don't profit from the user's data. It's based on the Cuckoo sandbox and it also uses VirusTotal.
Metadefender is the free malware analysis service offered by OPSWAT, a security software company from the USA. Metadefender scans files smaller than 140Mb with 33 antivirus.
Nano is a Russian company dedicated to security software that includes a free malware analyzer in their website. It can analyze files smaller than 20Mb.
NoDistribute is a malware analysis service that allows you to scan up to 3 files per day for free. One of the main features is that it keeps the privacy of the analysis results.
PDF Examiner allows you to send PDF files and check if they contain malware. PDF Examiner also keeps the privacy of the analysis results and it can be configured to send them by email. This service is offered by a Canadian company called TyLabs.
SecondWrite is a US company that offers a malware detection service. This service allows you to send 20 files every month for free after you register in their website.
VirScan is a free malware analysis service that uses 39 antivirus to scan files smaller than 20Mb. This service is available in 18 languages.
VirusBlokAda is a Belarusian antivirus vendor and the creator of the VBA32 antivirus. When you visit their web page and select the Belarusian language it allows you to submit files for analysis and you get the results quickly.
VirusTotal is a free malware analysis service created by a Spanish company called Hispasec Sistemas and later bought by Google. It uses more than 60 antivirus programs to scan the files.