Last year I wrote an article on how to easily analyze a suspicious file and get a detailed report on it using an online sandbox service. These free services can analyze what the file actually does to your computer when you run it, so you don’t need to risk your computer being harmed. Even after my laptop was infected by a virus twice, I am still running Windows without an antivirus because I always check a file that I think is suspicious with ThreatExpert.
Here’s another online sandbox service by Comodo called CIMA, Comodo Instant Malware Analysis. CIMA is built as a service in the cloud (a fancy way of saying online service) where you can upload your suspicious files; they are analyzed in real time and a report is generated for your review. The report tells you whether the file is suspicious or not. This tool was originally used in Comodo’s antivirus labs to help them identify malware, and they’ve decided to make it available to all of us for FREE!
All you need to do is visit CIMA and browse to the file that you want to analyze. Once the file has finished uploading, you’ll be forwarded to a page that refreshes every 5 seconds until the report is ready. I tried uploading a 70KB trojan that is widely detected by all antivirus products; it took about 5 minutes to produce the report.

The report contains a lot of information, such as HTTP queries, DNS queries, Windows API calls, threads created, processes created and terminated, drivers loaded and unloaded, hidden files, files and directories created, changed and deleted, and registry keys and values created, changed and deleted. Finally, at the end of the report, CIMA gives you a verdict on whether the file is suspicious or not.
Here are a few sample reports so you can see what a CIMA report looks like.
Bifrost Trojan report, Zhelatin Worm report, Goldun Trojan report
There are constant improvements being made to this service to adapt to newly emerging threats. Do take note that anything you submit to CIMA gets fed to their AV labs. Any suspicious file will then be manually analyzed and, if found to be malicious, a signature will be created and Comodo Antivirus will be updated in the next signature update.
[ Visit Comodo Instant Malware Analysis ]
Thanks
It doesn’t even work well, just a waste of time :S
I just voted. It’s a small way to repay you for everything that you have written to help me and others like me! Good luck!
Judiline
Thanks
Thanks a lot, Ray.
Thanks, Raymond. I regularly upload files for analysis by VirusTotal, NoVirusThanks, ThreatExpert and CWSandbox. I think CIMA would be an intelligent addition in my Bookmarks.
Ray, a suggestion: why don’t you put the year below the date, e.g. 9 April 2009? This will help users know when the post was made. When I see your old posts I don’t know when they were posted.
Only 2 replies so far to this nice post? Thanks, Raymond.
Raymond, you might want to look into this script for your users, so they aren’t going to be unsafe:
code.google.com/p/ie6-upgrade-warning/
“Friends are those who know what you are like but still love you.”
Thanks for the information.