Best Malware Analysis Tools
View:
Compare the Top Malware Analysis Tools as of April 2025
Sort By:
What are Malware Analysis Tools?
Malware analysis tools enable security professionals to identify, quarantine, and analyze malware that's found on files or organizational systems and resources. Compare and read user reviews of the best Malware Analysis tools currently available using the table below. This list is updated regularly.
-
1
FileWall
Odix
odix - a market leader in Enterprise CDR (Content Disarm and Reconstruction), is now offering FileWall, a native cybersecurity application for Microsoft Office 365 mailboxes for SMEs. FileWall™ is designed to run in conjunction with existing Microsoft security solutions such as EOP and ATP, ensuring complete prevention against unknown attacks delivered via email attachments. FileWall™ doesn’t harm/change any of Microsoft sender related security capabilities.Starting Price: $1 per user, per month -
2
Intezer Analyze
Intezer
Intezer automates Tier 1 SOC tasks, working like an extension of your team. Intezer can monitor incoming incidents from endpoint, email, or SIEM tools, then "autonomously" collects evidence, investigates, triages, triggers remediation action, and escalates only the the serious threats to your team for human intervention. Fast set up and integrations with your SOC and IR teams workflows (EDR, SOAR, SIEM, etc.) means you can starting filtering out false positives, get detailed analysis about every threat, and speed up your incident response time. Make sure every incident and artifact (such as files, URLs, endpoint memory, etc.) gets deeply analyzed, detecting malicious code in memory and other evasive threats.Starting Price: Free -
3
Zemana AntiMalware
Zemana
Scan your PC in fast and effective way for malware, spyware, virus detection and removal. Detects and removes annoying browser add-on's, adware, unwanted apps and toolbar and any type of malware on your PC. We are developing this product based on your feedback. Don't let malware take away your PC! Zemana is a cyber-security company that keeps you safe from identity theft, credit card fraud, ransomware and other dangers of the online world. This is a privately held company, formed in 2007 by three college graduates. They wanted to offer more refined security solutions because at that time there were no products on the market that could defeat the rapidly growing level of new hacking variants. This is how our pioneer product Zemana AntiLogger came to life. Instead of just updating a virus database with known virus variants, Zemana AntiLogger was based on behavioral characteristics, so any unexpected and suspicious activity on a computer was blocked automatically.Starting Price: $24.95 per year -
4
Threat.Zone
Malwation
Threat.Zone is a hypervisor-based, automated and interactive tool for analyzing malware , you can fight new generation malware.Starting Price: $99 per month -
5
Symantec Content Analysis
Broadcom
Symantec Content Analysis automatically escalates and brokers potential zero-day threats for dynamic sandboxing and validation before sending content to users. Analyze unknown content from one central location. Leveraging Symantec ProxySG, this malware analyzer uses a unique multi-layer inspection and dual-sandboxing approach to reveal malicious behavior and expose zero-day threats, and safely detonate suspicious files and URLs. Content Analysis delivers multi-layer file inspection to better protect your organization against known and unknown threats. Unknown or suspicious content from sources like ProxySG, messaging gateway, or other tools is delivered to Content Analysis for deep inspection, interrogation, analysis and ultimately blocking, if deemed malicious. Recent enhancements to Content Analysis strengthens this platform even further. -
6
BitNinja
BitNinja.com
BitNinja provides 3E Linux server protection for large hosting providers and small businesses equally. Effective because of our unique Defense Network that uses the power of the Ninja Community. Every BitNinja-protected server worldwide shares attack information with each other, resulting in a more intelligent and stronger protection shield by every single assault. Effortless because it is fast and easy to install, so your server protection is up and running in no time. It requires no maintenance, just keep running in the background and protecting your and your customer’s servers while you can concentrate on other aspects of your business with peace of mind. Enjoyable because you can take joy in the benefits of BitNinja, like the increased server capacity caused by the significant drop in the server load. Furthermore, you can easily manage all the modules and features on the unified dashboard and check how the the software catches malicious traffic in real-time.Starting Price: $10 per server -
7
VIPRE ThreatAnalyzer
VIPRE Security Group
VIPRE ThreatAnalyzer is a powerful dynamic malware analysis sandbox that helps you stay ahead of cyber threats. It lets you safely uncover how malware could impact your organization, so you can respond faster and smarter. Today’s most dangerous attacks often hide in legitimate-looking files—like executables, PDFs, or Microsoft Office documents—waiting for one wrong click to cause chaos, disrupt operations, and rack up financial damage. ThreatAnalyzer intercepts suspicious files, including ransomware and zero-day threats, and detonates them in a secure sandbox environment. Its machine-learning engine analyzes the threats, providing valuable insights into how attacks work, which systems are at risk, and how to strengthen defenses. Get inside the mind of attackers without compromising your network. With VIPRE ThreatAnalyzer, you’ll gain the knowledge to outsmart cybercriminals before they strike.Starting Price: $5400/year for 5q/day -
8
ANY.RUN
ANY.RUN
ANY.RUN is an online interactive sandbox for DFIR/SOC investigations. The service gives access to fast malware analysis and detection of cybersecurity threats. The effectiveness of the solution has been proven by over 500,000 active users who find new threats with ANY.RUN daily. ANY.RUN provides an interactive sandbox for malware analysis, offering deep visibility into threat behavior in a secure, cloud-based environment with Windows, Linux, and Android support. It helps SOC teams accelerate monitoring, triage, DFIR, and threat hunting — enabling them to analyze more threats in a team and process more alerts in less time. Learn more at ANY.RUN's website.Starting Price: $109 per month -
9
Pangea
Pangea
Pangea is the first Security Platform as a Service (SPaaS) delivering comprehensive security functionality which app developers can leverage with a simple call to Pangea’s APIs. The platform offers foundational security services such as Authentication, Authorization, Audit Logging, Secrets Management, Entitlement and Licensing. Other security functions include PII Redaction, Embargo, as well as File, IP, URL and Domain intelligence. Just as you would use AWS for compute, Twilio for communications, or Stripe for payments - Pangea provides security functions directly into your apps. Pangea unifies security for developers, delivering a single platform where API-first security services are streamlined and easy for any developer to deliver secure user experiences.Starting Price: $0 -
10
OPSWAT MetaDefender
OPSWAT
MetaDefender layers an array of market-leading technologies to protect critical IT and OT environments and shrinks the overall attack surface by detecting and preventing sophisticated known and unknown file-borne threats like advanced evasive malware, zero-day attacks, APTs (advanced persistent threats), and more. MetaDefender easily integrates with existing cybersecurity solutions at every layer of your organization’s infrastructure. With flexible deployment options purpose-built for your specific use case, MetaDefender ensures files entering, being stored on, and exiting your environment are safe—from the plant floor to the cloud. This solution uses a range of technologies to help your organization develop a comprehensive threat prevention strategy. MetaDefender protects organizations from advanced cybersecurity threats in data that originates from a variety of sources, such as web, email, portable media devices, and endpoints.Starting Price: $0 -
11
PolySwarm
PolySwarm
Unlike in any other multiscanner, in PolySwarm there is money at stake: threat detection engines back their opinions with money, at the artifact level (file, URL, etc.), and are economically rewarded and penalized based on the accuracy of their determinations. The following process is automated and is executed by software (engines) in near real time. Users submit artifacts to PolySwarm’s network via API or web UI. Crowdsourced intelligence (engine determinations) and a final score (PolyScore) are sent back to the User. The money from the bounty and the assertions becomes the reward, which is securely escrowed in an Ethereum smart contract. Engines that made the right assertion are rewarded with the money from the initial bounty from the enterprise plus the money the losing engines included with their assertions.Starting Price: $299 per month -
12
Google Chrome Enterprise
Google
Chrome Enterprise is a trusted browser solution designed for businesses to streamline operations while maintaining security and productivity. With enhanced security features, management controls, and integrations with existing enterprise ecosystems, Chrome Enterprise supports both traditional desktop setups and hybrid, remote work environments. It includes powerful features such as data loss prevention, Zero Trust access control, and centralized cloud management tools, ensuring your company’s data stays safe. Whether your team uses their own devices or company-issued hardware, Chrome Enterprise provides flexible, scalable, and secure access to business tools and resources.Starting Price: Free -
13
Comodo Antivirus
Comodo
Complete protection for all of your devices at only $29.99 per device includes an award-winning firewall, host intrusion prevention, sandbox for untrusted software, anti-malware, and buffer overflow protection to tackle today’s diverse threats. Simply put, our antivirus program has everything you and your family need to safely browse the internet and use your device. Our free download offers basic protection for your PC but depending on your needs, that may not be enough. Complete Antivirus actively protects you while you shop online, offers web filtering and unlimited product support! We are offering the best value on the market because we strongly believe in creating a cyber-safe environment for everyone. We are a company that develops the most advanced cyber-security solutions for enterprise businesses, and we use that same technology to protect homes across the world with Comodo Antivirus.Starting Price: $29.99 per year -
14
Hybrid Analysis
Hybrid Analysis
Here you can find common 'how-to' and troubleshooting guides around this community platform and aspects of the Falcon Sandbox platform. Please use the menu on the left side to navigate through some of the published articles. Hybrid Analysis requires that users undergo the Hybrid Analysis Vetting Process prior to obtaining an API key or downloading malware samples. Please note that you must abide by the Hybrid Analysis Terms and Conditions and only use these samples for research purposes. You are not permitted to share your user credentials or API key with anyone else. Please notify Hybrid Analysis immediately if you believe that your API key or user credentials have been compromised. At times, it may happen that a vetting request will get rejected due to incomplete data or a missing full real name, real business name or other means of validating cybersecurity credentials. In this case, it is possible to re-submit a vetting request one more time. -
15
Falcon Sandbox
CrowdStrike
Falcon Sandbox performs deep analysis of evasive and unknown threats, enriches the results with threat intelligence and delivers actionable indicators of compromise (IOCs), enabling your security team to better understand sophisticated malware attacks and strengthen their defenses. Unique hybrid analysis technology detects unknown and zero-day exploits while defeating evasive malware. Uncover the full attack lifecycle with in-depth insight into all file, network, memory and process activity. Save time and make all security teams more effective with easy-to-understand reports, actionable IOCs and seamless integration. The most sophisticated analysis is required to uncover today’s evasive and advanced malware. Falcon Sandbox’s Hybrid Analysis technology exposes hidden behavior, defeats evasive malware and delivers more IOCs, to improve the effectiveness of the entire security infrastructure. -
16
FileScan.IO
FileScan GmbH
FileScan.IO is a next-gen malware analysis platform with the following emphasis: - Providing rapid and in-depth threat analysis services capable of massive processing - Focus on Indicator-of-Compromise (IOC) extraction and actionable context Key Benefits - Perform detection and IOC extraction for all common files in a single platform - Rapidly identify threats, their capabilities and update your security systems - Search your corporate network for compromised endpoints - Analyze files at scale without actually executing them - Easy reporting for entry level analysts and executive summary - Easy deployment and maintenance We offer a free community service which is a free malware analysis service that offers rapid in-depth file assessments, threat intelligence and indicator of compromise (IOCs) extraction for a wide range of executable files, documents and scripts. -
17
QFlow
Quarkslab
QFlow is an advance malware detection and analysis platform to reduce the risk of infection during file transfers. QFlow offers comprehensive detection methods and the customization and automation of processing chains to meet specific needs. QFlow integrates a suite of tools that allow advanced analysis of potentially malicious files: commercial antiviruses, commercial sandboxes, open source tools optimized with Quarkslab's expertise. The deployment modes offered, as well as the strict security requirements that apply to the solution, reduce the risk of data leakage. Use Cases: - detection of malware in files and URLs - advanced threat analysis for security engineers - simplified integration into IT infrastructure or business application chains via ICAP or APIs - removable device security through white stations Analysis: - Static analysis (4 AVs) - Dynamic analysis (VMRay) - Morphological analysis (Binary analysis by Cyber Detect's GORILLE) -
18
Binary Ninja
Binary Ninja
Binary Ninja is an interactive disassembler, decompiler, and binary analysis platform for reverse engineers, malware analysts, vulnerability researchers, and software developers that runs on Windows, macOS, and Linux. Disassemble executables and libraries from multiple formats, platforms, and architectures. Decompile code to C or BNIL for any supported architecture, including your own. Automate analysis with C++, Python, and Rust APIs from inside or outside the UI. Visualize control flow and navigate through cross-references interactively. Name variables and functions, apply types, create structures, and add comments. Collaborate effortlessly with synchronized commits using our Enterprise product. Our built-in decompiler works with all of our officially supported architectures at one price and builds on a powerful family of ILs called BNIL. In fact, not just our architectures, but even community architectures can produce amazing decompilation.Starting Price: $299 one-time payment -
19
Trojan Killer
Gridinsoft
GridinSoft Trojan Killer will perform the complete cleanup of your system from viruses. Plus, we will help you restore the ideal performance of your PC. Is a virus removal tool: fast, effective and reliable. For more convenient use we make it portable now – so that it is easy to run it on any computer. Even when internet is blocked! This antimalware solution effective for any cyber threats. We offer all-in-one tool that can assist you in removal of annoying advertisement modules, spyware and other malicious instruments developed by hackers.Starting Price: $35.95 per year -
20
VMRay
VMRay
At VMRay, we provide enterprises and technology partners worldwide with best-in-class, scalable, automated malware analysis and detection solutions that greatly reduce their exposure to malware-related threats, attacks and vulnerabilities. -
21
ReversingLabs Titanium Platform
ReversingLabs
A complete advanced malware analysis platform that speeds destructive file detection through automated static analysis. Delivered in any cloud, any environment, for every part of the enterprise. Over 360 file formats processed and 3600 file types identified from diverse platforms, applications & malware families. Real-time, deep inspection of files, scalable to 150 million files per day without dynamic execution. Tightly coupled connectors integrate industry leading email, EDR, SIEM, SOAR, and analytics platforms. Unique Automated Static Analysis fully dissects internal contents of files in 5 ms without execution, obviating the need for dynamic analysis in most cases. Empower dev and AppSec teams with the industry-leading SBOM that delivers a full and accurate software picture through dependency, malicious behavior and tampering visibility, that accelerates confident release and compliance, while giving the SOC deep software threat intelligence to isolate and respond. -
22
REMnux
REMnux
REMnux® is a Linux toolkit for reverse-engineering and analyzing malicious software. REMnux provides a curated collection of free tools created by the community. Analysts can use it to investigate malware without having to find, install, and configure the tools. The easiest way to get the REMnux distro is to download the REMnux virtual machine in the OVA format, then import it into your hypervisor. You can also install the distro from scratch on a dedicated host or add it to an existing system running a compatible version of Ubuntu. The REMnux toolkit also offers Docker images of popular malware analysis tools, making it possible to run the them as containers without having to install the tools directly on the system. You can even run the REMnux distro as a container. For details about installing, using, and contributing to REMnux, as well as for information about the tools included in the toolkit, see the REMnux documentation site. -
23
VirusTotal
VirusTotal
VirusTotal inspects items with over 70 antivirus scanners and URL/domain blocklisting services, in addition to a myriad of tools to extract signals from the studied content. Any user can select a file from their computer using their browser and send it to VirusTotal. VirusTotal offers a number of file submission methods, including the primary public web interface, desktop uploaders, browser extensions and a programmatic API. The web interface has the highest scanning priority among the publicly available submission methods. Submissions may be scripted in any programming language using the HTTP-based public API. VirusTotal can be useful in detecting malicious content and also in identifying false positives, normal and harmless items detected as malicious by one or more scanners. As with files, URLs can be submitted via several different means including the VirusTotal webpage, browser extensions and the API. -
24
Deep Discovery Inspector
Trend Micro
Deep Discovery Inspector is available as a physical or virtual network appliance. It’s designed to quickly detect advanced malware that typically bypasses traditional security defenses and exfiltrates sensitive data. Specialized detection engines and custom sandbox analysis detect and prevent breaches. Organizations are increasingly becoming victims of targeted ransomware when advanced malware bypasses traditional security, encrypts data, and demands payment to release the data. Deep Discovery Inspector uses known and unknown patterns and reputation analysis to detect the latest ransomware attacks, including WannaCry. The customized sandbox detects mass file modifications, encryption behavior, and modifications to backup and restore processes. Security professionals are flooded with threat data coming from numerous sources. Trend Micro™ XDR for Networks helps prioritize threats and provide visibility into an attack. -
25
Immunity Debugger
Immunity Debugger
Immunity Debugger's interfaces include the GUI and a command line. The command line is always available at the bottom of the GUI. It allows the user to type shortcuts as if they were in a typical text-based debugger, such as WinDBG or GDB. Immunity has implemented aliases to ensure that your WinDBG users do not have to be retrained and will get the full productivity boost that comes from the best debugger interface on the market. Python commands can also be run directly from our command bar. Users can go back to previously entered commands, or just click in the dropdown menu and see all the recently used commands. Immunity Debugger's interfaces include the GUI and a command line. The command line is always available at the bottom of the GUI. It allows the user to type shortcuts as if they were in a typical text-based debugger, such as WinDBG or GDB. -
26
IObit Cloud
IObit Cloud
Founded in 2004, IObit provides consumers with innovative system utilities and security software for superior PC performance and security. With more than 100 awards and 500 million downloads worldwide, IObit is a recognized industry leader in PC optimization and security software. IObit Cloud is an advanced automated threat analysis system. We use the latest Cloud Computing technology and Heuristic Analyzing mechanic to analyze the behavior of spyware, adware, trojans, keyloggers, bots, worms, hijackers and other security-related risks in a fully automated mode. -
27
Joe Sandbox
Joe Security
Tired of high level malware analysis? Perform one of the deepest analysis possible - fully automated or manual - from static to dynamic, from dynamic to hybrid, from hybrid to graph analysis. Rather than focus on one, use the best of multiple technologies including hybrid analysis, instrumentation, hooking, hardware virtualization, emulation and machine learning / AI. Check out our reports to see the difference. Deeply analyze URLs to detect phishing, drive by downloads, tech scam and more. Joe Sandbox uses an advanced AI based algorithm including template matching, perptual hashing, ORB feature detection and more to detect the malicious use of legit brands on websites. Add your own logos and templates to extend the detection capabilities. Interact with the sandbox through Live Interaction - directly from your browser. Click through complex phishing campains or malware installers. Test your software against backdoors, information leakage and exploits (SAST and DAST). -
28
PT MultiScanner
Positive Technologies
PT MultiScanner provides multiple levels of anti-malware protection to detect and block infections on corporate infrastructure, uncover hidden threats, and facilitate investigation of malware-related security incidents. Counting on the same antivirus vendor to be right every time? Draw on the best anti-malware vendors and Positive Technologies expertise instead. Extensive integration support and scalability make PT MultiScanner the right choice for both startups and the largest corporations. Suspicious objects are scanned with multiple anti-malware engines, static analysis, and Positive Technologies reputation lists. The solution supports scanning of files and archives, including recursively compressed ones. As a result, PT MultiScanner can spot and block malware far more effectively than any one method used in isolation. -
29
FileAlyzer
Spybot
If you want to know more about the inner life of files, FileAlyzer is the tool you urgently need! FileAlyzer shows basic file content, a standard hex viewer, and a wide range of customized displays for interpreted complex file structures that help you understand the purpose of a file. It also supports generation of OpenSBI advanced file parameters, with FileAlyzer you can find the right attributes to write your own optimized malware file signatures! Files as you see them do often contain more than the visible content, through so-called alternate data streams. FileAlyzer makes the additional information in these streams visible through a list of streams associated with the current file, and a basic hex viewer. Sometimes, malware attaches itself as a custom stream to legit files, and can be identified here. Android apps are actually zip archives that include the app code and many resources and configuration files. FileAlyzer will display a few app properties. -
30
YARA
YARA
YARA is a tool aimed at (but not limited to) helping malware researchers to identify and classify malware samples. With YARA you can create descriptions of malware families (or whatever you want to describe) based on textual or binary patterns. Each description, a.k.a rule, consists of a set of strings and a boolean expression which determine its logic. YARA-CI may be a useful addition to your toolbelt. This is GitHub application that provides continuous testing for your rules, helping you to identify common mistakes and false positives. The above rule is telling YARA that any file containing one of the three strings must be reported as silent_banker.