Unparalleled performance

VMRay Analyzer provides full insight into malware activity. Easy to install and use without special expertise. Get comprehensive results the way you want them.

Discover More

Featured Video

How It Works

See how our agentless hypervisor-based monitoring approach analyzes and detects threats that other approaches can’t.

More videos


Decoding the Screenlocker (Ransomlock) Activation key

Recently our team analyzed FreeDownloadManager.exe which is screen-locking malware, or Ransomlock. Victims get a screen that looks like a Windows activation screen: They are prompted to call a toll-free number whereby they would presumably be asked to pay a fee in return for the ‘activation code’ that would unlock the victim’s computer. Fortunately, our team was […]

Read More “Decoding the Screenlocker (Ransomlock) Activation key”

VMRay Analyzer V 1.11: YARA, CarbonBlack and more

VMRay Analyzer  V 1.11 is now out, and once again we’re happy with the result and the added functionality we’ve baked in. Here’s an overview of some of the new features: CarbonBlack Connector CarbonBlack (CB) is the industry’s leading EDR vendor so they were a logical choice for our first out of the box integration. […]

Read More “VMRay Analyzer V 1.11: YARA, CarbonBlack and more”

Word macro uses WMI to detect VM environments

We recently came across an interesting malicious Word document that used an embedded Word macro to detect whether or not it was being opened inside a VM. If no VM was detected, the macro proceeded to attempt to download a payload (executable) to infect the machine. Let’s take a look at our analysis and how VMRay’s Function […]

Read More “Word macro uses WMI to detect VM environments”

See all posts