<style> .animsition { opacity: 100; } </style>

High-End Malware Analysis

Welcome to Payload-Security.com. We are an IT-Security software company located in the heart of Germany. We develop VxStream Sandbox, an automated malware analysis system for enterprises, governments, universities, SOCs and IR teams. At the core of our product is Hybrid Analysis, a unique technology implementing in-depth memory analysis extracting more malicious indicators than comparable products.

VxStream Sandbox - Automated Malware Analysis System

VxStream Sandbox is an innovative and fully automated malware analysis system that includes the unique Hybrid Analysis technology. It is available as a standalone software package that is automatically deployed within your local infrastructure and operates without an external dependency or callback mechanism. It is possible to execute files on any Windows guest image (e.g. a copy of your local workstation) and has a variety of integration and interface capabilities. Alternatively, we also offer a limited hosted solution that is operated from our servers in Germany.

The feature set of VxStream Sandbox is very extensive (see a full list of system features below) with hundreds of generic indicators at its core that haven proven to detect unknown threats independent of Anti-Virus signatures. Empowered by Hybrid Analysis, not only the runtime behavior of the sample, but the entire process memory is analyzed using multiple timed snapshots. This allows extraction of a lot more indicators (Strings/API calls) regardless of execution. The benefit of this approach is not only the analysis of dormant code and evasive conditions, but also the extraction of more valuable IOCs than comparable systems offer.

With a wide range of configuration options, an open architecture, the ability to import and use any guest machine image for analysis, specialized features such as human-simulating action script(s), worldwide leading anti-VM evasive technology, an intuitive user-centered design as well as various machine-parsable output formats and interface support, VxStream Sandbox is a high-tech malware analysis framework that can be integrated into any incident response workflow or security stack.

What makes VxStream Sandbox different to others?

Check out this video to understand why VxStream Sandbox leads the sandbox market today:

Follow up with the key features and more information on our products and services.

Key Features

  • Support for any Windows (XP, Vista, 7, 8, 10) and any bitness (32 or 64)
  • Use any Windows image for analysis (e.g. a copy of your workstations)
  • Input any significant file type (PE, Office files, PDF, VBS, JS, PS1, HTA, etc.)
  • Support for analyzing Linux malware (ELF 32 or 64, Bash, Python, Perl)
  • Support for VirtualBox and VMWare
  • Analyze files on multiple different environments for true targeted attack detection
  • Webservice with unlimited user- and client-management
  • Unique Hybrid Analysis technology that analyzes process memory dumps
  • Kernelmode Monitor technology that leaves the malware process untampered
  • Leading anti-evasion technology that bypasses all Pafish checks (including RDTSC, CPUID)
  • Data intelligence using an advanced search engine that can combine multiple terms
  • AV independent Threat Score (based purely on static/dynamic malicious artifacts)
  • Adaptable framework that is highly configurable (e.g. custom YARA rules, memory snapshots)
  • REST API for automated integration into your workflow (HTTP/S)
  • VirusTotal integration (e.g. cross-reference IP checks, whitelisting)
  • Online and on-site Metadefender (OPSWAT) integration including pro-active file submission
  • Malware indicator sharing using MAEC 4.1, STIX 1.1, OpenIOC 1.1 and MISP XML/JSON exports
  • AlienVault OTX reputation, pulse and community hashtags
  • SIEM system integration using CEF syslog feedbacks (e.g. HP ArcSight, IBM QRadar)
  • Offline PCAP analysis using Suricata and e.g. ETOpen/ETPro rules
  • Extensive bootstrap scripts to automatically deploy the host in less than 45 minutes
  • Quick Start guide for a one-click deployment of a simple web installer
  • Perform automated offline upgrades in less than 15 minutes
  • Automatically scale out the guest VM landscape (only VirtualBox)
  • Remote assisted installations and workshops (optional)
  • Simulate human behavior with “action scripts” to bypass evasive malware
  • Extract embedded Office files and deobfuscate VBA macros, VBE, JSE files
  • Parse URL references (also from compressed PDF files) and pull in referenced online files
  • Extract .NET IL and Java bytecode for even more artifact (IPs/URLs) detection
  • Route network traffic via TOR (selective, optional) to disguise the origin of analysis
  • Support for a wide range of archive formats (ace, arj, 7z, bzip2, gzip2, iso, rar, rev, tar, wim, xz and zip)

Please take a look at the following datasheet for a high-level overview of VxStream Sandbox's capabilities and to get a better understanding of our philosophy and ease of implementation.

Download Datasheet


Choosing the right automated malware analysis system is an important decision. We know what "enterprise grade" means and have won dozens of call for bids against the biggest players in the market. There is a reason many S&P 100, Fortune 500, Governments and CERTs trust in VxStream Sandbox. We recommend downloading the following buyer's guide that will clasify security use cases and finishes with an evaluation checklist.

Download Buyer's Guide

Summary

VxStream Sandbox is a high-end malware analysis framework with a very agile architecture. It can be implemented as a large-scale system processing thousands of files automatically or as a webservice for incident response and forensics. Due to its simple interface and numerous integration capabilities with other technology providers, it seamlessly enriches a SOCs incident response workflow and security stack. VxStream Sandbox is trusted by SOCs, CERTs, DFIR teams, IT-security forensic labs, researchers and threat intelligence service providers all around the world. Multiple S&P 100, Fortune 500 and U.S. government agencies are using VxStream Sandbox every day. Got your interest? Feel free to try out our sandbox technology for free malware analysis at www.hybrid-analysis.com or www.reverse.it.

More Information

Want to see some sample reports? Take a look at our up-to-date collection of demo reports or request a demo webservice account. Please get in touch for pricing information, hardware requirements, evaluation accounts, technical presentations or to request a quote.

How does VxStream Sandbox compare? Check out this VxStream Feature Comparison overview (PDF).

Latest News

Your Benefits

  • State of the Art +

    We are a highly specialized team of developers with a focus on practical state of the art malware analysis systems.

  • Focus on Usability +

  • Easy Integration +

  • Enterprise Deployment +

  • Developer Support +

Free Demo

A free community version of our sandbox technology is available for free use at hybrid-analysis.com. It always runs the latest stable version with streamlined guest VMs. Go ahead and submit your executable files, documents, scripts, etc. for an in-depth analysis.

Simple Installation

Did you know that installing VxStream Sandbox is very easy? Check out this video:

Obtain a License

If you are interested in licensing the full version of VxStream Sandbox (includes the webservice, API, runtime monitors, load balancing controller, hybrid analysis technology, report generator, all indicators, signatures, scripts, etc.) or have any questions, please use our contact form and get in touch. We have a very simple licensing structure. If you are interested in a demo, try out our sandbox technology for free malware analysis at hybrid-analysis.com or inquire about a free evaluation account.

Company Blog

Every now and then we write about new features, technologies or sample reports at our IT-Security blog. Go have a visit if you like!