
Analyze Suspicious EXE Files with Comodo Instant Malware Analysis

Posted By Raymond In Category: Computer

Apr 9, 2009

Last year I wrote an article on how to easily analyze and get a detailed report of a suspicious file using an online sandbox service. These free services can analyze what the file would actually do to your computer when you run it, so you don’t need to risk your computer being harmed. Even after my laptop being infected by a virus twice, I am still running Windows without an antivirus because I always check any file that I think is suspicious with ThreatExpert.

Here’s another online sandbox service by Comodo called CIMA, Comodo Instant Malware Analysis. CIMA is built as a service in the cloud (a fancy way of saying online service) where you can upload your suspicious files; they get analyzed in real time and a report is generated for your review. The report tells you whether the file is suspicious or not. This tool was originally used in Comodo’s antivirus labs to help them identify malware, and they’ve decided to make it available to all of us for FREE!


All you need to do is visit CIMA and browse to the file that you want to analyze. Once the file has finished uploading, you’ll be forwarded to a page that refreshes every 5 seconds until the report is ready. I tried uploading a 70KB trojan that is widely detected by all antivirus products, and it took about 5 minutes to produce the report.

Comodo Instant Malware Analysis

The report contains a lot of information, such as HTTP queries, DNS queries, Windows API calls, threads created, processes created and terminated, drivers loaded and unloaded, hidden files, files and directories created, changed and deleted, and registry keys and values created, changed and deleted. Finally, at the end of the report, CIMA gives you a verdict on whether the file is suspicious or not.

Here are a few sample reports so you can see what a CIMA report looks like.

  • Bifrost Trojan report
  • Zhelatin Worm report
  • Goldun Trojan report

There are constant improvements going on in this service to adapt to new emerging threats. Do take note that anything you submit to CIMA gets fed to their AV labs. Any suspicious file will then be manually analyzed, and if it is found to be malicious, a signature will be created and Comodo Antivirus will be updated in the next signature update.

    [ Visit Comodo Instant Malware Analysis ]


    • mamed

      “Friends are those who know what you are like but still love you.”
      Thanks for the information.

    • http://demonhellnoire.deviantart.com hellnoire

      Raymond, you might want to look into this script for your users, so they aren’t going to be unsafe:

      http://code.google.com/p/ie6-upgrade-warning/

    • mk

      only 2 replies so far to this nice post? thnx raymond

    • mk

      ray a suggestion.. why don’t u put the year below the date, for eg 9 april 2009.. this will help users to know when the post was made.. when i see ur old post i don’t know when it was posted

    • Junn

      Thanks, Raymond. I regularly upload files for analysis by VirusTotal, NoVirusThanks, ThreatExpert and CWSandbox. I think CIMA would be an intelligent addition in my Bookmarks.

    • hanan

      thanx alot Ray.

    • tonton

      thanx

    • http://judiline.multiply.com Judiline

      I just voted. It’s a small way to repay you for everything that you have written to help me and others like me! Good luck!
      Judiline

    • nonamee

      it doesn’t even work well, just a waste of time :S

    • http://www.kw911.com ahmed alnuaimi

      thanx
