malware.info is an extremely powerful analysis solution that works at the CPU instruction level and makes heavy use of the underlying software and hardware. malware.info simulates "dangerous" instructions by generating functionally equivalent code that is safe to run on the target CPU, while letting normal instructions execute natively.

The same basic principle is applied to operating system simulation. malware.info maps the real dynamic link libraries and uses the real OS structures and mechanisms, emulating only the "sensitive" parts such as the file system, registry, network, and process and thread related operations. The resulting virtual environment mimics the OS with a full-featured system emulator, without having to rely on simple API hooking. The malware.info engine monitors "everything" from the first instruction: it takes control of the Windows loader, observes import resolution and TLS callback table parsing, and follows the malware's behaviour from the original entry point, through every API call, up to the final NtTerminateProcess() call. As a result, the analysis is far more detailed than that provided by other commercial sandboxes. The engine is able to run programs from start to finish, including complex programs such as Microsoft Word and Mozilla Firefox. This ensures that malware.info provides a reliable, super fast, in-depth and accurate analysis of malware.