Malware Domain List

Malware Related => Malware Analysis => Topic started by: sowhat-x on December 07, 2007, 03:25:01 am

Title: Malware Analysis Online Services
Post by: sowhat-x on December 07, 2007, 03:25:01 am
...A quick short list of online malware analysis services,in order to make life easier...
Note that it is absolutely NOT necessary to make use of the following services,
before submitting direct links to sites hosting malware/exploits etc:
this goes up completely at your own personal choice...  :)

UploadMalware
http://www.uploadmalware.com/
From our good friend CM_MWR,lol...  ;D

VirusTotal
Provided by Hispasec Sistemas S.L.
http://www.virustotal.com/

Jotti's malware scan
Created and provided by Jordi Bosveld
http://virusscan.jotti.org/

Anubis
-------
Sponsored by Secure Business Austria
Developed by Secure Systems Lab (Vienna University of Technology)
http://analysis.seclab.tuwien.ac.at/

ThreatExpert
--------------
Developed by the team of professionals who created PC Tools' flagship products.
http://www.threatexpert.com/default.aspx

VirSCAN Online AV Scanner
http://virscan.org/

Filterbit
http://www.filterbit.com/
Title: Re: Malware Analysis Online Services
Post by: brewt on December 27, 2007, 09:18:19 am
analyze malware behavior
http://research.sunbelt-software.com/Submit.aspx
http://www.norman.com/microsites/nsic/ (linked via anubis (http://analysis.seclab.tuwien.ac.at/links.php))
http://www.joebox.org/ (linked via anubis)
https://www.microsoft.com/security/portal/submit.aspx

scan web pages
http://linkscanner.explabs.com/linkscanner/default.asp

http://online.drweb.com/

not sure about this one:
http://scanner.virus.org/
Title: Re: Malware Analysis Online Services
Post by: sowhat-x on January 21, 2008, 01:59:07 pm
Assiste.com.free.fr
http://assiste.com.free.fr/p/antivirus_gratuits_en_ligne/envoyer_un_echantillon_par_email_a_l_analyse.html

Not a virus/malware analysis service,but a (french speaking) site,
that maintains a frequently updated list of all AV companies' current mail addresses.
Ie.so that someone can easily send a sample to most of them at once...
Title: Re: Malware Analysis Online Services
Post by: swisstom70 on January 29, 2008, 06:01:34 pm
WOW, Anubis made it to this list :-) I just found out about this great site at the deepsec conference in november 2007 in vienna.

here's another site like Anubis (in some ways better, in other ways not)

http://cwsandbox.org/
Title: Re: Malware Analysis Online Services
Post by: brewt on February 14, 2008, 03:34:16 am
http://www.norman.com/microsites/nsic/ (linked via anubis (http://analysis.seclab.tuwien.ac.at/links.php))
http://www.joebox.org/ (linked via anubis)

p.s. you can see the word "sunbelt" in the logo of cwsanbox.org because sunbelt owns it, as can also be seen from the licensing page.
Title: Re: Malware Analysis Online Services
Post by: brewt on February 26, 2008, 02:30:36 am
https://www.microsoft.com/security/portal/submit.aspx
Title: Re: Malware Analysis Online Services
Post by: Lusher on February 27, 2008, 02:50:24 pm
http://wiki.castlecops.com/Online_malware_scans_-_Comparison#Multiple_engine_scans
Title: Re: Malware Analysis Online Services
Post by: MysteryFCM on April 29, 2008, 07:57:49 pm
Not sure if they really count but what the heck;

http://web-sniffer.net

http://vurl.mysteryfcm.co.uk
Title: Re: Malware Analysis Online Services
Post by: sowhat-x on May 13, 2008, 06:04:43 am
Project Malfease
http://malfease.oarci.net/

...For more info/details,check out the following papers:
https://malfease.oarci.net/help/av_evasion.pdf
https://malfease.oarci.net/help/malware_repo_update.pdf
Title: Re: Malware Analysis Online Services
Post by: JohnC on September 29, 2008, 02:15:00 am
http://camas.comodo.com/cgi-bin/submit  (thanks to Kayrac for mentioning it.)
Title: Re: Malware Analysis Online Services
Post by: SysAdMini on November 17, 2008, 06:40:33 pm
http://www.suspectfile.com/index.php (http://www.suspectfile.com/index.php)
Title: Re: Malware Analysis Online Services
Post by: SysAdMini on January 15, 2009, 10:41:42 pm
Shellcode 2 EXE
http://sandsprite.com/shellcode_2_exe.php

JSUNPACK
http://jsunpack.jeek.org/dec/go

Eureka Malware Analysis
http://eureka.cyber-ta.org
Title: Re: Malware Analysis Online Services
Post by: SysAdMini on January 30, 2009, 07:17:18 am
WEPAWET

http://wepawet.iseclab.org/index.php (http://wepawet.iseclab.org/index.php)

Online Flash/Javascript Analyzer

NEW : URL Submission Feature !!!!
Title: Re: Malware Analysis Online Services
Post by: SysAdMini on February 03, 2009, 05:39:48 pm
F-SECURE SAMPLE ANALYSIS SYSTEM

https://analysis.f-secure.com

requires registration
Title: Re: Malware Analysis Online Services
Post by: sowhat-x on March 22, 2009, 07:17:03 am
BitBlaze Malware Analysis Service
https://aerie.cs.berkeley.edu/index.php
Title: Re: Malware Analysis Online Services
Post by: SysAdMini on October 26, 2009, 07:57:34 am
Xandora by Panda
http://xandora.security.net.my/index.php

Quote
Xandora is a service for analyzing malware.
Submit your Windows executable and receive an analysis report telling you what it does.

Title: Re: Malware Analysis Online Services
Post by: SysAdMini on October 31, 2009, 04:32:54 am
FilterBit
http://filterbit.com/index.cgi
Title: Re: Malware Analysis Online Services
Post by: SysAdMini on February 11, 2010, 10:40:50 pm
mwanalysis
http://mwanalysis.org/

formerly cwsandbox.org
Title: Re: Malware Analysis Online Services
Post by: hamzehokour on February 25, 2010, 09:58:57 pm
http://analysis.avira.com/samples/index.php
Title: Re: Malware Analysis Online Services
Post by: SysAdMini on May 02, 2010, 09:52:32 am
JoeDoc

http://joedoc.org/

Quote
Joedoc is a novel automated runtime system for detecting exploits in applications running on end-user systems.

In its beta state it currently detects PDF exploits for Acrobat Reader 7.0.5, 8.1.2, 9.0 and 9.2.

To check if your pdf contains any malicious content follow the instructions below:

   1. Add your pdfs (with .pdf extension) to a zip and protect the zip with the password "infected".
   2. Send your zip file to submit@joedoc.org as an email attachement.
   3. Wait for the result which is sent back after a short while.


By submitting data to Joedoc you agree to the following terms and conditions.

Be patient we are currently adding features to detect exploits for Internet Explorer 8.0 and 9.0 as well as Microsoft Office documents.
Title: Re: Malware Analysis Online Services
Post by: cleanmx on May 02, 2010, 10:11:25 am
JoeDoc

http://joedoc.org/

Quote
Joedoc is a novel automated runtime system for detecting exploits in applications running on end-user systems.

In its beta state it currently detects PDF exploits for Acrobat Reader 7.0.5, 8.1.2, 9.0 and 9.2.

To check if your pdf contains any malicious content follow the instructions below:

   1. Add your pdfs (with .pdf extension) to a zip and protect the zip with the password "infected".
   2. Send your zip file to submit@joedoc.org as an email attachement.
   3. Wait for the result which is sent back after a short while.


By submitting data to Joedoc you agree to the following terms and conditions.

Be patient we are currently adding features to detect exploits for Internet Explorer 8.0 and 9.0 as well as Microsoft Office documents.

Stefan told me about this 3 weeks ago, but i think joebox is much more better...

I currently submit all executables, all pdf's !!! and all rar and zips to joebox, I think reports are fantastic... to dig in deeper..

-- gerhard
Title: Re: Malware Analysis Online Services
Post by: SysAdMini on July 20, 2010, 06:25:31 pm
viCHECK.ca

https://vicheck.ca/

Quote
We can accept any type of file including executables, documents, spreadsheets, presentations, compiled help files, database packages, PDF, images, emails, or archives. You can also submit a file from a remote web address.

Our scanning system will automatically process and email you back a report about your submitted files. Occasionally we may contact you for more information about particularly interesting samples, together we can help make the internet a safer place for everyone.

For your convenience, you can also forward your malware samples by email to hereyougo@vicheck.ca . Please try to include the full email headers wherever possible (you may need to view headers then copy and paste them into the forwarded message.)
Title: Re: Malware Analysis Online Services
Post by: SysAdMini on August 31, 2010, 04:10:13 pm
pdf examiner
http://www.malwaretracker.com/pdf.php

Quote
View PDF objects as hex/text, PDF dissector and inspector, scan for known exploits (CVE-2007-5659, CVE-2009-0927, CVE-2008-2992, CVE-2009-4324, CVE-2009-1493, CVE-2010-0188 and embedded /Action commands), process PDF compression (FlateDecode, ASCIIHexDecode, LZWDecode, ASCII85Decode, RunLengthDecode), encryption (128 bit AESV2), and obfuscation (unicode, Hex, fromCharCode). Browse objects.

shellcode analysis
http://www.malwaretracker.com/shellcode.php
Title: Re: Malware Analysis Online Services
Post by: Kensley on December 20, 2010, 02:22:04 am
Does anyone know what was used to produce this report (http://utcheats.info/cheats-6/ct-hook-0-4-fully-undetected-aimbot-for-ut2004-now-passes-antitcc/msg4676/#msg4676)? Seems like a nice little tool!
Title: Re: Malware Analysis Online Services
Post by: foks on December 20, 2010, 06:20:22 am
Does anyone know what was used to produce this report (http://utcheats.info/cheats-6/ct-hook-0-4-fully-undetected-aimbot-for-ut2004-now-passes-antitcc/msg4676/#msg4676)? Seems like a nice little tool!

The report looks similar to http://www.spamfighter.com/VIRUSfighter/Archive/17133-W32_Bagle_AK-1.asp, which is based on Norman Sandbox.
Title: Re: Malware Analysis Online Services
Post by: SysAdMini on May 19, 2011, 11:21:59 am
Malbox
http://malbox.xjtu.edu.cn/

report example
Code: [Select]
                 .__  ___.                   
  _____  _____   |  | \_ |__    ____ ___  ___
/     \ \__  \  |  |  | __ \  /  _ \\  \/  /
|  Y Y  \ / __ \_|  |__| \_\ \(  <_> )>    <
|__|_|  /(____  /|____/|___  / \____//__/\_ \
      \/      \/           \/              \/
                                                   
=====Sample Summary=====
File name: sample.exe
MD5: 439C24E6CA0CD8CE7986F834B83A70FC
SHA1: A002376D70F119E2DFA6EE2FC50389565A767065
SHA256: DFD5F008815BE4735799BD05515C7B3130224AE3A965BF3704290583295A41E1

=====Major Threats=====
[Create file in sensitive path] C:\flash.exe

=====Behavior Details=====

Create process:
sample.exe --> C:\WINDOWS\system32\cmd.exe
cmd.exe --> C:\WINDOWS\system32\reg.exe
sample.exe --> C:\WINDOWS\system32\ntvdm.exe

Create remote thread:
sample.exe --> cmd.exe
cmd.exe --> reg.exe
sample.exe --> ntvdm.exe

Create file:
sample.exe --> C:\WINDOWS\TEMP\HXVsB.bat
sample.exe --> C:\flash.exe
ntvdm.exe --> C:\WINDOWS\TEMP\scs3.tmp
ntvdm.exe --> C:\WINDOWS\TEMP\scs4.tmp

Delete file:
sample.exe --> C:\WINDOWS\Temp\HXVsB.bat
ntvdm.exe --> C:\WINDOWS\Temp\scs3.tmp
ntvdm.exe --> C:\WINDOWS\Temp\scs4.tmp

Create key:
sample.exe --> \REGISTRY\USER\S-1-5-21-1177238915-1647877149-2147093213-500\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
sample.exe --> \REGISTRY\USER\S-1-5-21-1177238915-1647877149-2147093213-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
sample.exe --> \REGISTRY\USER\S-1-5-21-1177238915-1647877149-2147093213-500\Software
sample.exe --> \REGISTRY\USER\S-1-5-21-1177238915-1647877149-2147093213-500\Software\Microsoft
sample.exe --> \REGISTRY\USER\S-1-5-21-1177238915-1647877149-2147093213-500\Software\Microsoft\Windows
sample.exe --> \REGISTRY\USER\S-1-5-21-1177238915-1647877149-2147093213-500\Software\Microsoft\Windows\CurrentVersion
sample.exe --> \REGISTRY\USER\S-1-5-21-1177238915-1647877149-2147093213-500\Software\Microsoft\Windows\CurrentVersion\Explorer
sample.exe --> \REGISTRY\USER\S-1-5-21-1177238915-1647877149-2147093213-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2
sample.exe --> \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
sample.exe --> \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
reg.exe --> \REGISTRY\USER\S-1-5-21-1177238915-1647877149-2147093213-500\Software\Microsoft\Multimedia\Audio
reg.exe --> \REGISTRY\USER\S-1-5-21-1177238915-1647877149-2147093213-500\Software\Microsoft\Multimedia\Audio Compression Manager
reg.exe --> \REGISTRY\USER\S-1-5-21-1177238915-1647877149-2147093213-500\Software\Microsoft\Multimedia\Audio Compression Manager\MSACM
reg.exe --> \REGISTRY\USER\S-1-5-21-1177238915-1647877149-2147093213-500\Software\Microsoft\Multimedia\Audio Compression Manager\Priority v4.00
reg.exe --> \REGISTRY\USER\S-1-5-21-1177238915-1647877149-2147093213-500\Software\Microsoft\Windows\CurrentVersion\Run
sample.exe --> \REGISTRY\USER\S-1-5-21-1177238915-1647877149-2147093213-500\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\000000000004548d
sample.exe --> \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked
sample.exe --> \REGISTRY\USER\S-1-5-21-1177238915-1647877149-2147093213-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked
sample.exe --> \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
sample.exe --> \REGISTRY\USER\S-1-5-21-1177238915-1647877149-2147093213-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
sample.exe --> \REGISTRY\USER\S-1-5-21-1177238915-1647877149-2147093213-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings
sample.exe --> \REGISTRY\USER\S-1-5-21-1177238915-1647877149-2147093213-500\Software\Microsoft\Visual Basic
sample.exe --> \REGISTRY\USER\S-1-5-21-1177238915-1647877149-2147093213-500\Software\Microsoft\Visual Basic\6.0

Set value key:
sample.exe --> \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG\Seed [0B E5 62 E5 B9 F0 31 EF ...]
sample.exe --> \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG\Seed [F4 88 48 6C 27 F7 42 30 ...]
sample.exe --> \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG\Seed [7A 3E 68 8B E6 73 24 75 ...]
sample.exe --> \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG\Seed [42 80 88 9C 4D 6D EB 0B ...]
sample.exe --> \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG\Seed [01 66 20 39 AE 97 DC 28 ...]
sample.exe --> \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG\Seed [9F 9C 41 0F 46 15 A5 E3 ...]
sample.exe --> \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG\Seed [2B E5 64 F7 57 D9 C1 0F ...]
sample.exe --> \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG\Seed [D7 8C AB 02 A8 DB E5 CC ...]
sample.exe --> \REGISTRY\USER\S-1-5-21-1177238915-1647877149-2147093213-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Personal ["D:\Backup\我的文档"]
sample.exe --> \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common Documents ["C:\Documents and Settings\All Users\Documents"]
sample.exe --> \REGISTRY\USER\S-1-5-21-1177238915-1647877149-2147093213-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Desktop ["C:\Documents and Settings\Administrator\桌面"]
sample.exe --> \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common Desktop ["C:\Documents and Settings\All Users\桌面"]
sample.exe --> \REGISTRY\USER\S-1-5-21-1177238915-1647877149-2147093213-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass [0x1]
sample.exe --> \REGISTRY\USER\S-1-5-21-1177238915-1647877149-2147093213-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName [0x1]
sample.exe --> \REGISTRY\USER\S-1-5-21-1177238915-1647877149-2147093213-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet [0x1]
sample.exe --> \REGISTRY\USER\S-1-5-21-1177238915-1647877149-2147093213-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache ["C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files"]
sample.exe --> \REGISTRY\USER\S-1-5-21-1177238915-1647877149-2147093213-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cookies ["C:\Documents and Settings\Administrator\Cookies"]
sample.exe --> \REGISTRY\USER\S-1-5-21-1177238915-1647877149-2147093213-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\WINDOWS\TEMP\HXVsB.bat ["HXVsB"]
reg.exe --> \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG\Seed [CD 36 74 BD CB 46 EE A1 ...]
reg.exe --> \REGISTRY\USER\S-1-5-21-1177238915-1647877149-2147093213-500\Software\Microsoft\Windows\CurrentVersion\Run\flash ["\flash.exe"]
sample.exe --> \REGISTRY\USER\S-1-5-21-1177238915-1647877149-2147093213-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\flash.exe ["flash"]
Title: Re: Malware Analysis Online Services
Post by: x0ner on October 17, 2011, 07:16:01 pm
https://www.pdfxray.com

Submit and do analysis on PDF files.
Title: Re: Malware Analysis Online Services
Post by: shellc0de on January 03, 2012, 10:24:56 pm
http://pyms86.appspot.com/

Very useful when you don't have a copy of IDA on hand and you found some shellcode...
Title: Re: Malware Analysis Online Services
Post by: SysAdMini on January 23, 2012, 08:40:14 am
malwr
http://malwr.com/

Quote
Malwr.com is a free malware analysis service.

It allows you to analyze suspicious files and extract information on their process and network behavior while being executed. It's built on top of an open source malware analysis system called Cuckoo Sandbox, which is developed and maintained by the same people behind this website: http://cuckoobox.org/
Title: Re: Malware Analysis Online Services
Post by: SysAdMini on January 26, 2012, 08:56:02 am
Zulu URL Risk Analyzer
http://zulu.zscaler.com/#
Title: Re: Malware Analysis Online Services
Post by: SysAdMini on March 20, 2012, 07:19:34 pm
Online Malware Analysis Sandbox Comparison
http://ossectools.blogspot.de/2012/02/online-malware-analysis-sandbox.html
Title: Re: Malware Analysis Online Services
Post by: dlipman on April 05, 2012, 11:41:37 pm
Stefan told me about this 3 weeks ago, but i think joebox is much more better...

I currently submit all executables, all pdf's !!! and all rar and zips to joebox, I think reports are fantastic... to dig in deeper..

-- gerhard

Hi Gerhard:

Stefan has just released JoeSecurity Sandbox v5.0.  
It has been updated for multiple capabilities but most notable is its crunching Phoenix, Blackhole and other exploits.

I have attached data generated by JoeSecurity Sandbox v5.0 for the Blackhole site;  http://50.2.7.109/showthread.php?t=73a07bcb51f4be71

EDIT:

I have removed the PCAP, HTML report and BINs.  They were there long enough.   ;D
Title: Re: Malware Analysis Online Services
Post by: dlipman on July 30, 2012, 06:59:26 pm
There is a new addition to the JoeSecurity.Org malware analysis lineup.

Joe Document Dissector (http://joedd.joesecurity.org/) (aka; Joe DD)

Quote
Joe DD - "Joe Document Dissector" is a free automated malware analysis platform for detecting malicious documents.

It opens documents in Acrobat Reader, Microsoft Office Word, Excel or Powerpoint and monitors the behavior of the application. With the help of over 200 generic behavior signatures it determines if the application behaves maliciously.

Currently Joe DD checks documents against the following applications / versions:

    * Acrobat Reader 8.1.2
    * Acrobat Reader 9.3.4
    * Acrobat Reader 9.4.6
    * Acrobat Reader 10.1.3
    * Office (Word, Excel, Powerpoint) 2003
    * Office (Word, Excel, Powerpoint) 2003 SP3
    * Office (Word, Excel, Powerpoint) 2007 SP3
    * Office (Word, Excel, Powerpoint) 2010 SP2


and provides additional data such as static file informations, process startup lists, created / dropped files and contact domains.
Title: Re: Malware Analysis Online Services
Post by: SysAdMini on October 14, 2013, 02:54:05 pm
Sandy, a new online service for #Java exploit analysis
http://exploit-analysis.com/sandy/index.php

Quote
Traditional malware sandboxes are built to analyze binary samples and you can submit binary files blindly to it with out knowing much about them. But that is not the case with exploit samples where a certain criteria抯 needed to be satisfied for successful exploitation, like a document exploit might only work on Chinese xp box or a java exploit will only drop files on mac machine etc. And talking about java exploits, there is no sandbox that process java exploit at all. So their needs to be an intelligent specialized system that process these exploit samples.

Our aim is to build an exploit analysis engine specialized in processing file format exploits.

The main aim of sandy is to extract the embedded executable, dropped documents and url controllers from these file formats and provide attribution to the Attack groups and there technology. Sandy initial analysis it performs multiple static analysis, that included detecting simple XOR, ROL, ROR encryption, Packer detection, Signature scan,Shellcode Detection, Meta Data analysis, Entropy and Cryptanalysis, File version detection and finally provides the extracted analysis data after processing for download to the end user. Once the static analysis is finished the data generated is passed on to our dynamic analysis box for improved efficiency. All current systems out there blindly pass exploit samples to a dynamic sandbox. But sandy uses the static analysis data to do an intelligent dynamic analysis, there by making the system unique.
Title: Re: Malware Analysis Online Services
Post by: SysAdMini on November 27, 2014, 10:35:36 pm
Hybrid Analysis

https://www.hybrid-analysis.com/

Quote
Pure dynamic analysis is not enough anymore these days, as malware evolves and detects sandbox systems. Often, the real payload is not executed and triggered through timebombs or other mechanisms. Combining static with dynamic analysis in a hybrid solution is a next generation approach when it comes to malware analysis. As data load grows, we need performant and intelligent solutions. That is what we offer with our product VxStream Sandbox - a fully automated malware analysis solution with integrated Hybrid Analysis technology.