VMRay Blog

Stay current on the threat landscape with industry-leading cybersecurity insights!
One of the key features in VMRay Analyzer 2.0 is the built-in reputation engine that identifies known malicious or known benign files in milliseconds. The addition of the reputation engine gives Incident Responders and Malware Analysts a powerful “One-Two” combination of rapid threat detection and detailed analysis of malware behavior.
In boxing, the “One-Two” combination is an essential component of a fighter’s arsenal. A left jab followed by a right cross is one the most effective combinations a fighter can unleash on his opponent. In the fight against malware, it’s just as important for Malware Analysts and Incident Responders to
We have started to see malware authors use embedded Visual Basic (VBA) macros in many unconventional file types to attack hosts. In response to this trend, VMRay Analyzer V 2.0 now supports the analysis of Microsoft Access and Microsoft Publisher files. Support for analysis of new sample types means greater
VMRay Analyzer V 2.0 will be released this week and we’ll be presenting it at the RSA Conference next week. The latest release has many new features including the addition of a built-in reputation engine that identifies known malicious or known benign files in milliseconds, support for the analysis of
This past week, a new Ransomware variant called Spora was spotted in the wild. Currently, Spora only targets Russian-speaking users. What’s interesting about this Ransomware is that its payment site is so well designed, one could think they are running a legitimate business. The dropper for Spora is basically an
A new code injection technique is effective in bypassing most analysis and detection methods. Code injection has been a favorite technique of malware authors for many years. Injecting malicious code into an otherwise-benign process is an effective way of masking malware from anti-virus and sandbox detection. It is used to
There is a new ransomware going wild in Germany called Goldeneye, which is a variant of Petya. It’s targeting German-speaking users via email by attaching an application (Bewerbung) in Excel format (xls). At the time we started analyzing the Goldeneye malware, VirusTotal scored 9/54, but the score varied for different
There have been several variants of the Hancitor malware family seen in the wild over the past several months. Recently, Carbon Black, a VMRay integration partner, provided an in-depth analysis of a specific strain of the Hancitor Malware family that uses a Microsoft calendar identifier to deliver malware to unsuspecting
Sharing is caring. Nowhere is this more true than for defenders that need to be able to quickly and seamlessly share critical information about malware and the attackers behind them. In the jargon of our industry that means using TIPs (Threat Intelligence Platforms) to ingest, export and correlate IOCs (Indicators
We recently came across an interesting malicious Word document that used an embedded Word macro to detect whether or not it was being opened inside a VM. If no VM was detected, the macro proceeded to attempt to download a payload (executable) to infect the machine. Let’s take a look
A Deep Dive into Automated, Customizable Threat Scoring In this second blog post about what’s new in V 1.10 we drill down into our VMRay Threat Identifier (VTI) engine and its threat scoring. It automatically identifies and flags malicious behavior using VTI rules, generating an overall severity score of malicious
Malware authors are always looking for an edge to evade detection and extend the useful life of their creations. In the constant cat-and-mouse game between malware authors and security vendors, malware authors must constantly revise and reinvent their product. They will consider anything they can do to avoid detection. Along
We have a mission at VMRay to build the ultimate malware Panopticon with a twist. The original 18th century Panopticon design was conceived as a way to monitor inmates in an institution in such a way that they could never know where or when they were being observed – so
We’ve just released V 1.10 and we’re well on the way to building the ultimate Panopticon for malware. To reach that goal with automated malware analysis and detection, three criteria must be met: The analyzer must scale The analyzer must avoid detection & evasion by the malware being analyzed The
The ransomware 7ev3n-HONE$T is a new version of an existing ransomware, 7ev3n, with a twist – a much lower ransom fee. Early this year, as reported in January by Graham Cluley, BleepingComputer and others, the original 7ev3n ransomware was spotted in the wild encrypting victims‘ files on Windows machines and

In the era of Big Data scalability is always a key concern. Simply throwing hardware at the problem isn’t enough. If the software architecture can’t fully take advantage of the available bandwidth and compute power, bottlenecks remain. One of VMRay Analyzer’s main advantages is our agentless hypervisor-based approach, allowing substantially

The automated creation and deployment of fully custom VMs (Virtual Machines) as analyses targets may seem like an arcane topic, but it’s crucially important to successful threat analysis, particularly for targeted attacks. There are several reasons: Targeted attacks using custom(ized) malware often will check for specific attributes on the target

Malware that evades detection is nothing new. But in a constantly evolving threat landscape, particularly around targeted attacks, we now see more Environment-Sensitive Malware. This is alternately known as context-aware or environment-aware malware. Not a low carbon footprint variety, but rather malware that is tailored to run only under certain

It’s day #2 for me at VMRay but in many ways I’ve really just come ‘home’ having already worked with the founders of VMRay for quite a few years when I ran Sunbelt Software’s Advanced Technology Group (sold to GFI and now spun out as ThreatTrack). When I got the
In our recent blog post “Blinding Malware Analysis with COM Objects” we talked about the steady trend of malware using Microsoft’s Component Object Model (COM) for evading sandbox analysis. The reason why COM can be used to perform stealth operations is that traditional dynamic analysis systems monitor program behavior by
Merge malware analysis with intelligence sources to enhance research, detection and mitigation in ThreatConnect. Arlington, VA, August 14, 2015 – ThreatConnect, Inc., the leading provider of security services including the ThreatConnect® Threat Intelligence Platform (TIP), today announced a partnership with VMRay for ThreatConnect’s TC Exchange™. Current users of VMRay Analyzer
A key capability for malware is to prevent or delay analysis, usually by implementing dynamic malware analysis detection and evasion. When successful, this can substantially increase the time the malware can continue in the wild undetected, blocked or remediated. While most in-the-wild evasion techniques are rather simple, there also exist
COM Introduction The Component Object Model (COM) is quite an old technology that was introduced by Microsoft in the early 90s. It allows the development and usage of binary software components in a language and architecture independent way. To this end, COM classes are provided by COM servers and can
This article is provided by courtesy of VMRay GmbH. As part of her Summer Tour #NRWVierNull focusing on the progress of digital change, the Prime Minister of the German State of North Rhine-Westphalia, Hannelore Kraft, visited VMRay GmbH in Bochum on 15 July 2015. Cyber security is an important part
Dyre is an advanced banking trojan family that uses phishing to hijack bank accounts from infected machines. According to estimates by researchers, the authors behind have already stolen over a million USD using this malware. It has been around for more than a year and is steadily updated to incorporate
One of the great advantages of VMRay is that its core is completely agnostic to the targeted guest operating system and the underlying hardware platform. To utilize this great feature, we had have been busy working to add additional support for other guest operating systems during the last weeks. VMRay
This article is provided by courtesy of VMRay GmbH. Bochum, Germany: March 18th, 2015 – VMRay GmbH, provider of the fastest and most comprehensive threat analysis capabilities in the market, announced today that it has entered into a technology partnership with CrowdStrike Inc., a leading provider of next-generation endpoint protection,
We published a 20 minute video that demonstrates how VMRay Analyzer can be used to automatically create detailed and comprehensive analysis of dangerous malware threats. To illustrate this process, we take a quick tour on the Wiper malware, that seemed to be involved in the latest Sony breaches.
Introduction Rovnix is currently one of the most prevalent 64-bit rootkits, especially since the source code leaked as part of the Carberp malware. Since then, every malware author has basically been able to create their own custom 64-bit rootkit version and we are therefore constantly seeing new variants in the
Measuring performance of a malware analysis system in “samples per hour” is misleading and does not in any way give an accurate representation of it effectiveness. However, this measure is often used to conceal the significant overhead of such solutions. In practice, the throughput of “samples per hour” almost completely
VMRay Analyzer is currently still in its hot beta phase, however we plan to finish our first product release soon. In the past few weeks, we not only fixed bugs, but also improved our software by adding a number of additional functionalities. As you may already know, our new analyzer
We recently completed the beta version of our malware analysis suite, VMRay Analyzer, and presented it to our pilot customers. The official product release date will be in July 2014, after we have fixed minor bugs in the high-level reports, as well as completed the .PDF and .DOC analysis. We
This article is provided by courtesy of VMRay GmbH. Bochum/Bonn May 15, 2014 – VMRay GmbH has successfully closed its seed financing round. High-Tech Gruenderfonds (HTGF) invests in the development and marketing of the next-generation malware analysis software of VMRay, which has a special focus on complex 64-bit malware such
In its ramp-up to the market launch, VMRay, the next-generation malware-analysis company, is building its management strength and governance by adding two seasoned managers to its advisory board. This is another step towards rounding out the competencies of the company by adding special skills and specific, in particular geographical experiences.
Meike Klinck interviewed Ralf Hund for the “AllesING”-magazine that regularly introduces spinoffs from the HGI institute of the Ruhr-University Bochum. The founder talks about the idea and uniqueness of the VMRay software and about the obstacles and challenges in founding a new company. The interview can be found here: http://www.ing.rub.de/news/news00111.html.de
At this year VB2013 conference Ralf Hund gave a presentation on “Hardware-Assisted System Monitoring“. He described how modern hypervisor extensions can be utilized to realize a performant, transparent and isolated system monitoring. Use cases of this monitoring system are mainly the analysis of malware, especially of highly sophisticated instances such
Carsten Willems and Ralf Hund have been interviewed about their research interests and what they aim to bring to VB2013. The VB2013 conference takes place this autumn (2-4 October) in Berlin, with an exciting programme that covers many of today’s most pertinent security-related topics. In the build-up to the event
Vmray threatfeed

Latest Malware Analysis Reports

Get The Latest Update

Subscribe to our newsletter

Keep up to date with our weekly digest of articles. Get the latest news, invites to events, and threat alerts!