Virtual Analyzer is a secure virtual environment that manages and analyzes objects submitted by integrated products, and administrators and investigators (through SSH). Custom sandbox images enable observation of files, URLs, registry entries, API calls, and other objects in environments that match your system configuration.
Virtual Analyzer performs static and dynamic analysis to identify an object's notable characteristics in the following categories:
Anti-security and self-preservation
Autostart or other system configuration
Deception and social engineering
File drop, download, sharing, or replication
Hijack, redirection, or data theft
Malformed, defective, or with known malware traits
Process, service, or memory object change
Suspicious network or messaging activity
During analysis, Virtual Analyzer rates the characteristics in context and then assigns a risk level to the object based on the accumulated ratings. Virtual Analyzer also generates analysis reports, suspicious object lists, PCAP files, and OpenIOC files that can be used in investigations.