Free Automated Malware Analysis Sandboxes and Services
Free hosted malware analysis sandboxes automate the examination of suspicious files, providing capability overviews that help analysts prioritize follow-up work. This curated list includes services like Any.run, Hybrid Analysis, Joe Sandbox, and VirusTotal.
Automated malware analysis tools, such as analysis sandboxes, save time and help with triage during incident response and forensic investigations. They provide an overview of the specimen’s capabilities, so that analysts can decide where to focus their follow-up efforts.
Here is a comprehensive listing of free, hosted services perform automated malware analysis:
- Any.run (free version)
- Binary Guard True Bare Metal
- Intezer Analyze (Community Edition)
- IRIS-H (focuses on document files)
- CAPE Sandbox
- Comodo Valkyrie
- Detux Sandbox (Linux binaries)
- FileScan.IO (static analysis and emulation)
- Gatewatcher Intelligence
- Recorded Future Triage (Individual and researcher licenses)
- Hybrid Analysis
- InQuest Labs Deep File Inspection
- Joe Sandbox Cloud (Community Edition)
- Manalyzer (static analysis)
- sandbox.pikker.ee
- SandBlast Analysis
- SecondWrite (free version)
- SNDBOX
- ThreatConnect
- ThreatZone
- VirusTotal
- Yomi
If you know of another reliable and free service I didn’t list, please let me know. My other lists of free security resources are: Blocklists of Suspected Malicious IPs and URLs and On-Line Tools for Malicious Website Lookups.
In the malware analysis course I teach at SANS Institute, I explain how to reverse-engineer malicious software in your own lab. It’s a useful skill for incident responders and security practitioners; however, analyzing all software in this manner is impractical without some automated assistance.