ThreatFeed
Linkedin-in Youtube Facebook-f
VMRay Pricing
Try VMRay

VMRay Blog

Stay current on the threat landscape with industry-leading cybersecurity insights!
Try VMRay
2017-01-17

Spora Ransomware Dropper Uses HTA to Infect System

This past week, a new Ransomware variant called Spora was spotted in the wild. Currently, Spora only targets Russian-speaking users. What’s interesting about this Ransomware is that its payment site is so well designed, one could think they are running a legitimate business. The dropper for Spora is basically an
Read More
2016-12-14

AtomBombing Evasion and Detection

A new code injection technique is effective in bypassing most analysis and detection methods. Code injection has been a favorite technique of malware authors for many years. Injecting malicious code into an otherwise-benign process is an effective way of masking malware from anti-virus and sandbox detection. It is used to
Read More
2016-12-08

Goldeneye Ransomware Uses COM to Execute Malicious JavaScript

There is a new ransomware going wild in Germany called Goldeneye, which is a variant of Petya. It’s targeting German-speaking users via email by attaching an application (Bewerbung) in Excel format (xls). At the time we started analyzing the Goldeneye malware, VirusTotal scored 9/54, but the score varied for different
Read More
2016-12-08

Hancitor Uses Microsoft Word to Deliver Malware

There have been several variants of the Hancitor malware family seen in the wild over the past several months. Recently, Carbon Black, a VMRay integration partner, provided an in-depth analysis of a specific strain of the Hancitor Malware family that uses a Microsoft calendar identifier to deliver malware to unsuspecting
Read More
2016-11-28

Threat intelligence sharing with MISP and VMRay

Sharing is caring. Nowhere is this more true than for defenders that need to be able to quickly and seamlessly share critical information about malware and the attackers behind them. In the jargon of our industry that means using TIPs (Threat Intelligence Platforms) to ingest, export and correlate IOCs (Indicators
Read More
2016-07-11

Word macro uses WMI to detect VM environments

We recently came across an interesting malicious Word document that used an embedded Word macro to detect whether or not it was being opened inside a VM. If no VM was detected, the macro proceeded to attempt to download a payload (executable) to infect the machine. Let’s take a look
Read More
2016-07-05

Custom Threat Scoring with VTI

A Deep Dive into Automated, Customizable Threat Scoring In this second blog post about what’s new in V 1.10 we drill down into our VMRay Threat Identifier (VTI) engine and its threat scoring. It automatically identifies and flags malicious behavior using VTI rules, generating an overall severity score of malicious
Read More
2016-05-25

Powershell Ransomware – a PowerWare Deep Dive

Malware authors are always looking for an edge to evade detection and extend the useful life of their creations. In the constant cat-and-mouse game between malware authors and security vendors, malware authors must constantly revise and reinvent their product. They will consider anything they can do to avoid detection. Along
Read More
2016-05-12

Eliminating the Observer Effect in Malware Analysis

We have a mission at VMRay to build the ultimate malware Panopticon with a twist. The original 18th century Panopticon design was conceived as a way to monitor inmates in an institution in such a way that they could never know where or when they were being observed – so
Read More
2016-05-03

VMRay Analyzer 1.10 is here: STIX/CybOX, SIEM, PowerShell & more

We’ve just released V 1.10 and we’re well on the way to building the ultimate Panopticon for malware. To reach that goal with automated malware analysis and detection, three criteria must be met: The analyzer must scale The analyzer must avoid detection & evasion by the malware being analyzed The
Read More
2016-05-02

7ev3n-HONE$T –Ransomware for the rest of us

The ransomware 7ev3n-HONE$T is a new version of an existing ransomware, 7ev3n, with a twist – a much lower ransom fee. Early this year, as reported in January by Graham Cluley, BleepingComputer and others, the original 7ev3n ransomware was spotted in the wild encrypting victims‘ files on Windows machines and
Read More
2016-04-29

HyperScaling Malware Analysis

In the era of Big Data scalability is always a key concern. Simply throwing hardware at the problem isn’t enough. If the software architecture can’t fully take advantage of the available bandwidth and compute power, bottlenecks remain. One of VMRay Analyzer’s main advantages is our agentless hypervisor-based approach, allowing substantially

Read More
2016-04-29

Automating Custom VM Setups

The automated creation and deployment of fully custom VMs (Virtual Machines) as analyses targets may seem like an arcane topic, but it’s crucially important to successful threat analysis, particularly for targeted attacks. There are several reasons: Targeted attacks using custom(ized) malware often will check for specific attributes on the target

Read More
2016-04-29

Context-Aware Malware: Analyzing Environment-Sensitive Malware

Malware that evades detection is nothing new. But in a constantly evolving threat landscape, particularly around targeted attacks, we now see more Environment-Sensitive Malware. This is alternately known as context-aware or environment-aware malware. Not a low carbon footprint variety, but rather malware that is tailored to run only under certain

Read More
2015-09-15

Hello World – blogging for VMRay.

It’s day #2 for me at VMRay but in many ways I’ve really just come ‘home’ having already worked with the founders of VMRay for quite a few years when I ran Sunbelt Software’s Advanced Technology Group (sold to GFI and now spun out as ThreatTrack). When I got the
Read More
2015-09-01

Sandbox Evasion with COM by Malware in-the-Wild

In our recent blog post “Blinding Malware Analysis with COM Objects” we talked about the steady trend of malware using Microsoft’s Component Object Model (COM) for evading sandbox analysis. The reason why COM can be used to perform stealth operations is that traditional dynamic analysis systems monitor program behavior by
Read More
2015-08-31

ThreatConnect, Inc. Announces Partnership with VMRay

Merge malware analysis with intelligence sources to enhance research, detection and mitigation in ThreatConnect. Arlington, VA, August 14, 2015 – ThreatConnect, Inc., the leading provider of security services including the ThreatConnect® Threat Intelligence Platform (TIP), today announced a partnership with VMRay for ThreatConnect’s TC Exchange™. Current users of VMRay Analyzer
Read More
2015-07-30

VM Detection by Malware in the Wild

A key capability for malware is to prevent or delay analysis, usually by implementing dynamic malware analysis detection and evasion. When successful, this can substantially increase the time the malware can continue in the wild undetected, blocked or remediated. While most in-the-wild evasion techniques are rather simple, there also exist
Read More
2015-07-21

Blinding Malware Analysis with COM Objects

COM Introduction The Component Object Model (COM) is quite an old technology that was introduced by Microsoft in the early 90s. It allows the development and usage of binary software components in a language and architecture independent way. To this end, COM classes are provided by COM servers and can
Read More
2015-07-15

State premier Hannelore Kraft visits VMRay

This article is provided by courtesy of VMRay GmbH. As part of her Summer Tour #NRWVierNull focusing on the progress of digital change, the Prime Minister of the German State of North Rhine-Westphalia, Hannelore Kraft, visited VMRay GmbH in Bochum on 15 July 2015. Cyber security is an important part
Read More
2015-05-13

VMRay vs. Dyre Malware – Evasion Failed

Dyre is an advanced banking trojan family that uses phishing to hijack bank accounts from infected machines. According to estimates by researchers, the authors behind have already stolen over a million USD using this malware. It has been around for more than a year and is steadily updated to incorporate
Read More
2015-04-07

VMRay supporting more operating systems and hardware platforms

One of the great advantages of VMRay is that its core is completely agnostic to the targeted guest operating system and the underlying hardware platform. To utilize this great feature, we had have been busy working to add additional support for other guest operating systems during the last weeks. VMRay
Read More
2015-03-17

CrowdStrike leverages VMRay technology to enhance threat intelligence capabilities

This article is provided by courtesy of VMRay GmbH. Bochum, Germany: March 18th, 2015 – VMRay GmbH, provider of the fastest and most comprehensive threat analysis capabilities in the market, announced today that it has entered into a technology partnership with CrowdStrike Inc., a leading provider of next-generation endpoint protection,
Read More
2014-12-13

Quick Tour on the Wiper Malware

We published a 20 minute video that demonstrates how VMRay Analyzer can be used to automatically create detailed and comprehensive analysis of dangerous malware threats. To illustrate this process, we take a quick tour on the Wiper malware, that seemed to be involved in the latest Sony breaches.
Read More
2014-10-28

Brief look at recent Rovnix variant

Introduction Rovnix is currently one of the most prevalent 64-bit rootkits, especially since the source code leaked as part of the Carberp malware. Since then, every malware author has basically been able to create their own custom 64-bit rootkit version and we are therefore constantly seeing new variants in the
Read More
2014-07-31

Malware Analyzer Performance

Measuring performance of a malware analysis system in “samples per hour” is misleading and does not in any way give an accurate representation of it effectiveness. However, this measure is often used to conceal the significant overhead of such solutions. In practice, the throughput of “samples per hour” almost completely
Read More
2014-07-07

New Concepts for Kernel Mode Monitoring

VMRay Analyzer is currently still in its hot beta phase, however we plan to finish our first product release soon. In the past few weeks, we not only fixed bugs, but also improved our software by adding a number of additional functionalities. As you may already know, our new analyzer
Read More
2014-06-10

Beta Version of VMRay Analyzer

We recently completed the beta version of our malware analysis suite, VMRay Analyzer, and presented it to our pilot customers. The official product release date will be in July 2014, after we have fixed minor bugs in the high-level reports, as well as completed the .PDF and .DOC analysis. We
Read More
2014-05-15

High-Tech Gruenderfonds Invests in the Next-Generation Malware Analysis Software of VMRay GmbH

This article is provided by courtesy of VMRay GmbH. Bochum/Bonn May 15, 2014 – VMRay GmbH has successfully closed its seed financing round. High-Tech Gruenderfonds (HTGF) invests in the development and marketing of the next-generation malware analysis software of VMRay, which has a special focus on complex 64-bit malware such
Read More
2013-12-16

VMRay is further building its management strength

In its ramp-up to the market launch, VMRay, the next-generation malware-analysis company, is building its management strength and governance by adding two seasoned managers to its advisory board. This is another step towards rounding out the competencies of the company by adding special skills and specific, in particular geographical experiences.
Read More
Vmray threatfeed

Latest Malware Analysis Reports

Access
Get The Latest Update

Subscribe to our newsletter

Keep up to date with our weekly digest of articles. Get the latest news, invites to events, and threat alerts!

Subscribe to our Newsletter:

Linkedin-in Youtube Facebook-f

Solutions

Products

Why VMRay

Resources

Missed the headlines?

We’re featured in:

image 15
image 16
image 17
image 18
© Copyright 2013-2025 VMRay

ThreatFeed

Linkedin-in Youtube Facebook-f
VMRay Pricing
Try VMRay

Tech Insights Deep Dive of April:
Detection Strategies & Operational Excellence

join VMRay for two powerhouse webinars designed to sharpen your threat detection and response capabilities — featuring a special joint session with Red Canary:

Live session's over. Watch the on-demand video to learn how VMRay and Red Canary combine forces to deliver faster, smarter threat detection!

Watch The Video

Learn how to cut phishing triage time with automated detonation and deep analysis — quickly uncover threats while improving response accuracy!

Watch The Video