How Malware Evades Sandbox Analysis

Malware authors use 3 categories of techniques to conceal the real behavior of malicious files and evade analysis.

Learn More

How VMRay Analyzer Works

See how our agentless hypervisor-based monitoring approach analyzes and detects threats that other approaches can’t.

More videos

Blog

Built-In YARA Rulesets for Increased Efficacy and Classification

YARA is an open source tool that helps malware researchers identify and classify malware by family based on known binary patterns and strings. YARA works by ingesting rules and applying them against various elements of the analysis (such as files and registry keys) to flag potentially malicious files and processes. Signature-based detection with YARA rulesets has its […]

Read More “Built-In YARA Rulesets for Increased Efficacy and Classification”

Petya/NotPetya/ExPetr Cyber Attack is More Wiper Than Ransomware

Malware Family: (Not)Petya Hash Value SHA256: 027cc450ef5f8c5f653329641ec1fed 91f694e0d229928963b30f6b0d7d3a745 View the Full Petya Analysis Report According to Microsoft, the Petya (also referred to as NotPetya/ExPetr) Ransomware attack started its initial infection through a compromise at the Ukrainian company M.E.Doc, a developer of tax accounting software. We took a closer look and did a full analysis using VMRay […]

Read More “Petya/NotPetya/ExPetr Cyber Attack is More Wiper Than Ransomware”

404 Error Page Hides RAMNIT.A Worm in the Source Code

Malware Family: Win32/Ramnit Hash Values MD5: 089dc369616dafa44a9f7fefb18e8961 SHA1: c4a2430634b7ca7427d2c055dbbb1fb8cd42a285 SHA256: 4ebafa2738f11d73d06dddf18ce41cf 02c6913f431f2b383f7abaa0d04419f2f View the Full RAMNIT.A Worm Analysis Report Most of the time, links aren’t dangerous without user interaction. Recently, we discovered an innocent-looking link for a JPG picture that prompts a user to activate ActiveX on IE. Leveraging a social engineering technique, if the user […]

Read More “404 Error Page Hides RAMNIT.A Worm in the Source Code”

See all posts