Analyze files with Payload Security

Martin Brinkmann
Oct 4, 2017
Security
|
8

Payload Security is an online service that analyzes files in virtual environments to determine whether they are potentially malicious in nature.

It can best be describes as a free analysis environment on the Internet that runs the selected file through a series of tests that include, among other options, running the file in a virtual environment, testing it with multiple antivirus engines, and observing behavior when run on a system.

What is particularly interesting about this is that it displays several analysis options to users after a file has been selected for analysis. You may select an analysis environment -- Windows 7 32-bit, Linux and Android are available -- select different action scripts, the runtime duration, and even pass custom execution parameters.

Payload Security

You need to accept the terms of service, and may enter an email address if you want to be notified when the scan completes.

The scan itself is queued, and the queue position is displayed on the screen. The queue was relatively short, around 10 entries, when I ran tests. The scan itself takes a couple of minutes to complete, but usually not longer than that.

The page that is displayed in the end offers very extensive information. You can check out this page, a scan of the Textify program which I reviewed recently, for details on how that looks like.

Here are a couple of highlights:

  • How 66 different antivirus vendors classify the file.
  • Whether an extracted file was identified as malicious, and how it was classified.
  • A list of indicators that are flagged as suspicious, e.g. whether IP or URLs are found that were flagged as malicious by an engine, whether it can create remote threads, or if it reads the computer name.
  • A list of informative indicators, for instance if it reads the Registry for installed applications, scans for window names, or drops files.
  • File details such as the hash and language, file classification using TrlD, and version information.
  • Information about included files and file imports, extracted files (sorted by flagged / not flagged).
  • Screenshots of installation or program execution.
  • Process and network analysis.
  • Extracted strings.

The information that Payload Security provides is very helpful in determining whether a file is potentially malicious in nature. There is still the chance of false positives, for instance when antivirus engines flag one or multiple of the included files wrongly as malicious.

Closing Words

Payload Security is a handy online security scanner that you may use to find out more about files before you execute them on your system. It's analysis of files includes screenshots, data from dozens of antivirus vendors, and information taken from execution in virtual environments.

Now You: Which service do you use to analyze files?

Summary
software image
Author Rating
1star1star1star1star1star
5 based on 2 votes
Software Name
Payload Security
Software Category
Security
Landing Page
Advertisement

Previous Post: «
Next Post: «

Comments

  1. ANONY said on October 9, 2017 at 8:48 am
    Reply

    Oops! The analysis system reported an error:

    The file “fe6f970f2ae1076eb20d5d2e1bcfe69400a1ac9b9ffe6d5081747ca22909e6c0” has the file format “swf”, which is currently disabled by configuration

  2. sofia said on October 6, 2017 at 7:33 pm
    Reply

    ………………. nose XD

  3. hahaha said on October 5, 2017 at 3:44 am
    Reply

    virustotal is simply good enough for me.

  4. chef-koch said on October 4, 2017 at 7:39 pm
    Reply

    I use nothing because it’s useless anyway, especially if you send them ‘private data’ away which you should’t and for the rest of the stuff you can use GPO policy to enforce nothing bypasses the OS security mechanism. In additional a simply firewall also blocks the payload itself from downloading shit over the internet/lan. That you can’t trust or use such files was several times proven and it’s beyond me why people still uploading everything into the cloud. Every malware developer tests their shit against such services and ‘stealth’ them by e.g. obfuscating it and and and.

    At the end such services collecting nothing but data and you help them to gain even more data, I’m not only talking about the data you upload to them you also reveal your identify, meta-data and more when you trust such services. Mostly these people which using such services are the same which blocking Windows Defender, .. no words for this stupidness, so you choose to share more data with such multi-av scanning engines instead of only trusting the provider which you already choosed for your OS. Genius!

    Instead of using useless tools how about showing people how to really work with the OS mechanism? I did this: https://github.com/CHEF-KOCH/HWAB .. and with this you not need any additional tools, av or services because NOTHING can bypass these restrictins without breaking the OS mechanism by itself (which in 99% requirs additional infections).

  5. Maldun said on October 4, 2017 at 5:21 pm
    Reply

    I’M using Maldun beacuse it’s 64bit OS

    https://www.maldun.com/submit/submit_file/

  6. someone said on October 4, 2017 at 4:18 pm
    Reply

    the real drawback is that it does not emulate Windows 10, and that you can not complete an installation wizard and run the installed program.

  7. TelV said on October 4, 2017 at 3:48 pm
    Reply

    Looks like it could have drawbacks according to the knowledge base: https://team.vxstream-sandbox.com/pages/viewpage.action?pageId=1802362

    A similar service is Jotti’s which I can remember from Windows XP days: https://virusscan.jotti.org/

    1. KJS said on October 4, 2017 at 4:22 pm
      Reply

      Thanks for the article, Martin. And, thank you, @TelV for the caution!

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.