Technology and Features

VMRay Analyzer provides threat detection and analysis capabilities. Unlike traditional malware analysis systems, which rely on in-guest agents or API hooks that malware can look for, VMRay Analyzer observes the target from the hypervisor: no agent, hook or driver is placed inside the analysis environment, so there is nothing inside the guest for malware to detect and evade.

REAL-TIME DETECTION AND IN-DEPTH ANALYSIS AT SCALE

  • Supports real-time, high volume detection of malicious files
  • Performs in-depth behavioral analyses in customizable environments
  • Hardware virtualization enables parallel execution of analyses
  • Highly scalable architecture executes analyses with near-native performance in enterprise environments

TOTAL VISIBILITY INTO MALWARE ACTIVITY

  • Unique hypervisor-based approach allows monitoring of all system interaction
  • Runs at a higher privilege level than guest kernel code, so kernel-mode malware cannot tamper with the monitor
  • Observes all unaligned function calls, private function invocations and direct system calls

EVASION RESISTANT

  • Virtually impossible for malware to detect and evade
  • Not a single bit is modified inside the monitoring environment
  • Immune to hook evasions (Direct system calls, unaligned function calls)
  • Provides optimum balance between performance, transparency and isolation

Features

Detection & Analysis

BUILT-IN REPUTATION ENGINE FOR REAL-TIME DETECTION

  • Identifies known malicious or benign files in milliseconds
  • Delivers actionable threat intelligence in high-volume environments
  • Automatically runs malware analysis if reputation status is unknown

VMRAY THREAT IDENTIFIER (VTI) FOR BEHAVIORAL ANALYSIS DETECTS:

  • Low-level control flow (API function calls and system calls)
  • High-level semantics (filesystem, registry and network)
  • Process creation, code injection and driver installation
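The VTI rules described above turn raw function-level events into named behaviours (code injection, driver installation, persistence). The following added example, which is not VMRay code and does not use VMRay's report format, shows the shape of such a rule engine in Python: it walks a constructed API-call log and fires when the classic allocate-write-execute injection sequence completes against the same target process, when a kernel driver service is created, or when a Run-key value is set. The log layout, field names and severity scale are assumptions made for the example.

```python
"""Toy behaviour-based detector over an API-call log.

Added example, not VMRay code. The record layout (pid, api, args) is a
constructed stand-in for a sandbox's function-level log, not VMRay's format.
"""
from collections import defaultdict

PAGE_EXECUTE_MASK = 0xF0        # PAGE_EXECUTE, _READ, _READWRITE, _WRITECOPY
SERVICE_KERNEL_DRIVER = 0x1     # dwServiceType for CreateService
CREATE_SUSPENDED = 0x4          # dwCreationFlags for CreateProcess

# The injection pattern: executable allocation, write, then remote thread,
# all against the same target process handle from the same source pid.
INJECTION_SEQUENCE = ("VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread")

# Constructed sample log (hypothetical values, not captured data).
# "hProcess" is used directly as the target pid to keep the example short;
# a real log would record handles that must be resolved to processes.
SAMPLE_LOG = [
    {"pid": 1000, "api": "CreateProcessW",
     "args": {"lpApplicationName": "C:\\Windows\\System32\\svchost.exe",
              "dwCreationFlags": CREATE_SUSPENDED}},
    {"pid": 1000, "api": "OpenProcess", "args": {"dwProcessId": 2000}},
    {"pid": 1000, "api": "VirtualAllocEx", "args": {"hProcess": 2000, "flProtect": 0x40}},
    {"pid": 1000, "api": "WriteProcessMemory", "args": {"hProcess": 2000}},
    {"pid": 1000, "api": "CreateRemoteThread", "args": {"hProcess": 2000}},
    {"pid": 1000, "api": "CreateServiceW",
     "args": {"dwServiceType": SERVICE_KERNEL_DRIVER,
              "lpBinaryPathName": "C:\\Users\\x\\drv.sys"}},
    {"pid": 1000, "api": "RegSetValueExW",
     "args": {"key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run"}},
]

# Constructed benign-looking log: same three calls, but the allocation is
# not executable, so the injection rule must stay quiet.
BENIGN_LOG = [
    {"pid": 1000, "api": "VirtualAllocEx", "args": {"hProcess": 2000, "flProtect": 0x04}},
    {"pid": 1000, "api": "WriteProcessMemory", "args": {"hProcess": 2000}},
    {"pid": 1000, "api": "CreateRemoteThread", "args": {"hProcess": 2000}},
]

# Assumed severity scale for the example (0-5), not VMRay's scoring.
SEVERITY = {
    "code_injection": 5,
    "driver_installation": 5,
    "registry_persistence": 3,
    "suspended_process_creation": 2,
}


def detect(log):
    """Return a list of (rule_name, detail) findings for an API-call log."""
    findings = []
    # progress[(source pid, target)] = index of the next expected call
    progress = defaultdict(int)
    for ev in log:
        pid, api, args = ev["pid"], ev["api"], ev["args"]
        if api in INJECTION_SEQUENCE:
            key = (pid, args.get("hProcess"))
            stage = progress[key]
            if api != INJECTION_SEQUENCE[stage]:
                continue  # out of order for this target; ignore
            if api == "VirtualAllocEx" and not args.get("flProtect", 0) & PAGE_EXECUTE_MASK:
                continue  # non-executable allocation is not a staging step
            progress[key] = stage + 1
            if progress[key] == len(INJECTION_SEQUENCE):
                findings.append(("code_injection", f"pid {pid} -> pid {key[1]}"))
                progress[key] = 0
        elif api == "CreateServiceW" and args.get("dwServiceType") == SERVICE_KERNEL_DRIVER:
            findings.append(("driver_installation", args.get("lpBinaryPathName")))
        elif api == "CreateProcessW" and args.get("dwCreationFlags", 0) & CREATE_SUSPENDED:
            findings.append(("suspended_process_creation", args.get("lpApplicationName")))
        elif api == "RegSetValueExW" and "\\CurrentVersion\\Run" in args.get("key", ""):
            findings.append(("registry_persistence", args["key"]))
    return findings


def verdict(findings):
    """Collapse findings into clean / suspicious / malicious by top severity."""
    top = max((SEVERITY[name] for name, _ in findings), default=0)
    return "malicious" if top >= 4 else "suspicious" if top >= 2 else "clean"


if __name__ == "__main__":
    for name, detail in detect(SAMPLE_LOG):
        print(f"{name}: {detail}")
    print("verdict:", verdict(detect(SAMPLE_LOG)))
```

Note that the injection rule keys its state on the target process, not just the source pid: a process that legitimately allocates in itself and separately opens another process should not trip the rule, and a sequence with a non-executable allocation is deliberately ignored.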

Customization & Integration

HIGHLY CUSTOMIZABLE

  • Custom system configurations, e.g., different service pack levels or host applications in target machines
  • Custom pre-analysis scripts to configure the system environment for each analysis
  • Support for YARA rulesets
  • Browser-based VNC access for manual interaction with malware in the VM

SEAMLESS INTEROPERABILITY

  • Flexible REST/JSON API for automated system integration
  • Out-of-the-box integration with leading EDR, TIP and CASB solutions
  • Syslog/CEF alert output for SIEM
  • Splunk Add-On for correlation of analyses with other threat intel
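Syslog/CEF output is only useful if the receiving side parses it correctly, and CEF has two escaping rules that trip up hand-written parsers: `\|` inside the pipe-delimited header and `\=` / `\\` inside the key=value extension. The following added example is not VMRay code and the alert lines in it are constructed, with illustrative vendor, product, signature ID and field values rather than VMRay's actual output. It parses a syslog-wrapped CEF line into header fields and extension dictionary, resolves the `csNLabel`/`csN` custom-field convention, and filters alerts by severity the way a SIEM ingest rule would.

```python
"""Minimal CEF (Common Event Format) alert parser and triage filter.

Added example, not VMRay code. SAMPLE_ALERTS are constructed lines whose
vendor/product/version, signature IDs and extension values are illustrative.
"""
import re

HEADER_FIELDS = ("version", "device_vendor", "device_product", "device_version",
                 "signature_id", "name", "severity")

# key=value pairs; a value runs until the next " key=" or end of string,
# with backslash escapes (\= \\ \n \r) consumed as units.
EXT_RE = re.compile(r"(\w+)=((?:\\.|[^\\])*?)(?=\s+\w+=|\s*$)")

# Constructed sample alerts (syslog priority/timestamp/host prefix + CEF).
SAMPLE_ALERTS = [
    r"<134>Jan 15 10:22:31 sandbox01 CEF:0|VMRay|Analyzer|0|1001|Sample classified malicious|9|"
    r"rt=1705314151000 fileHash=" + "0123456789abcdef" * 4 +
    r" fname=C:\\Users\\x\\drop.exe cs1Label=verdict cs1=malicious"
    r" msg=Injection into svchost.exe (alloc\=PAGE_EXECUTE_READWRITE)",
    r"<134>Jan 15 10:25:02 sandbox01 CEF:0|VMRay|Analyzer|0|1002|Sample classified clean|2|"
    r"fileHash=" + "f" * 64 + r" fname=report.pdf cs1Label=verdict cs1=clean",
]


def _unescape(value):
    """Undo CEF extension escapes: \\= -> =, \\\\ -> \\, \\n / \\r -> newline."""
    return re.sub(r"\\(.)", lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)), value)


def _split_header(cef):
    """Split the seven pipe-delimited header fields, honouring the \\| escape.

    Returns (fields, remainder) where remainder is the extension string.
    """
    fields, cur, i = [], [], 0
    while i < len(cef) and len(fields) < 7:
        c = cef[i]
        if c == "\\" and i + 1 < len(cef):
            cur.append(cef[i + 1])
            i += 2
            continue
        if c == "|":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(c)
        i += 1
    if len(fields) != 7:
        raise ValueError("CEF header must have 7 pipe-delimited fields")
    return fields, cef[i:]


def parse_cef(line):
    """Parse a (possibly syslog-prefixed) CEF line into a dict."""
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("not a CEF line")
    fields, ext = _split_header(line[start + len("CEF:"):])
    event = dict(zip(HEADER_FIELDS, fields))
    event["severity"] = int(event["severity"])
    event["extension"] = {m.group(1): _unescape(m.group(2)) for m in EXT_RE.finditer(ext)}
    return event


def resolve_labels(ext):
    """Map cs1Label=verdict cs1=malicious style pairs to {"verdict": "malicious"}."""
    out = {}
    for key, label in ext.items():
        m = re.fullmatch(r"(c[sn]\d+)Label", key)
        if m and m.group(1) in ext:
            out[label] = ext[m.group(1)]
    return out


def triage(lines, min_severity=7):
    """Return hash/verdict/name for alerts at or above the severity threshold."""
    hits = []
    for line in lines:
        ev = parse_cef(line)
        if ev["severity"] >= min_severity:
            labels = resolve_labels(ev["extension"])
            hits.append({"hash": ev["extension"].get("fileHash"),
                         "verdict": labels.get("verdict"),
                         "name": ev["name"]})
    return hits


if __name__ == "__main__":
    for hit in triage(SAMPLE_ALERTS):
        print(hit)
```

The severity threshold is the knob a SIEM rule would expose; the label resolution matters because CEF custom fields (`cs1`, `cn1`, ...) carry no meaning until paired with their `Label` field.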

Analysis Reports

COMPREHENSIVE DATA COLLECTION

  • Enriched output with function prototype information, GeoIP lookup information, and process dependency graphs
  • Screenshots collected during execution
  • Detects and stores all files that are generated or modified by the malware
  • Monitors network traffic and stores PCAP files

FLEXIBLE REPORTING FORMATS

  • Summary high-level reports
  • Fine-grained function level logs with all input and output parameters
  • Low-level transition logs
  • Multiple output formats: HTML, XML (CybOX/STIX) and text files

Analysis Insights

WINDOWS MALWARE DETECTION & ANALYSIS

Detection and analysis of Windows malware, covering:

  • Windows 10 analysis environments
  • 32-bit and 64-bit user-mode malware
  • Executables, URLs, scripts and data files
  • 64-bit kernel rootkits

COMPREHENSIVE KERNEL CODE / ROOTKIT ANALYSIS

  • Complete analysis of 64-bit kernel rootkits
  • Total system monitoring if kernel code is detected
  • Visualization of malicious kernel code blocks and their interdependence

Use Cases

Incident Response

Enterprises and organizations doing incident response against targeted attacks (CERT, CIRT, LEO) leverage VMRay's malware analysis as part of their digital forensics and incident response (DFIR) toolkits. VMRay's dynamic analysis complements traditional static analysis tools.

Threat Intelligence

Security solution providers can augment their threat intelligence with results derived from VMRay threat analysis. VMRay integrates through its flexible REST/JSON API, with CybOX-compatible output. Alerts can be published to SIEMs via Syslog/CEF.

Protection

Between visibility and protection lie analysis and detection. VMRay can be the bridge, providing analysis results that become actionable intelligence for other security products, whether EDR, AV, NGFW, TIP, SIEM or anything else. Leverage VMRay's flexible REST/JSON API, or ingest alerts via Syslog/CEF.

OEM Integration

VMRay can be embedded into security appliances and cloud security solutions, providing validation and analysis when static lists and AV cannot determine whether a file is good or bad.