Exalyze

Accelerate malware analysis

Skip the first 30 minutes of reverse engineering a sample.

Instantly analyze samples, get actionable insights, and pivot using innovative code comparison techniques.

Created by malware analysts, for malware analysts

Maximum upload size: 25MB • Max files per upload: 10

Supported file types: PE and ELF executables

763.2K samples analyzed
556.1M functions analyzed
417.5M PE functions analyzed
20.9M ELF functions analyzed

Detailed sample reports, in seconds

Exalyze fully decompiles and analyzes any submitted binary (ELF or PE) and extracts relevant metadata.

It provides a detailed analysis report that gives an overview of what the sample is doing, using clear indicators such as the sample's capabilities, network identifiers and YARA rule matches.

All of the extracted metadata is searchable using a powerful query language, which makes pivoting between samples easy.

Find unsuspected links between samples

Our unique function matching technology lets you instantly search the whole Exalyze database for samples sharing similar functions.

This quickly identifies strong associations between samples, such as code reuse or even variations of the same codebase, indicated by a high number of shared functions.

Our search engine also implements a similar_to filter, which instantly compares the control flow graph of a sample against the whole database, using Machoc hashes, to identify variations of that sample.

In-depth understanding of a sample without the struggle

The sequence view displays the important functions of the sample and highlights the system calls they make as well as the relevant strings.

This gives a clear idea of how the sample interacts with the system and helps detect persistence patterns, IoCs and malicious operations.

Sequence view extract of a sample setting up its persistence

Disassembled function graphs

To help you gain a better understanding of a sample, Exalyze can generate browsable function graphs.

These are accessible directly from the sequence view, or can be used to compare two matching functions and easily identify variations.

Made by malware analysts, for malware analysts

Exalyze is the product of 15 years of R&D and Exatrack's 7 years hunting malicious actors in the field.

This translates to a product packed with powerful features like automatic YARA rule generation for an analyzed sample, an entropy map view of a sample, and advanced insights from Exatrack's very own YARA ruleset.

Exalyze is designed to boost the efficiency of our malware analyst team, and it is now available to everyone, for free.

Community

Join our community of malware analysts and interact with the team behind Exalyze.

Join us on Discord

Exalyze Premium

Collaboratively hunt malware using Exalyze groups, upload sensitive or confidential samples, pivot on matched YARA rules, and analyze your samples against Exatrack's advanced YARA ruleset.