Interactive Malware Analysis Tool Any.Run launches

Martin Brinkmann
Mar 8, 2018

Any.Run, an interactive malware analysis tool based in Russia opened its doors to the public yesterday. A free community version is available at the time which allows anyone to register an account and start analyzing Windows programs, scripts and other files.

While you can use established services like Virustotal to analyze files, most are not interactive. Any.Run supports a full sandboxed environment that you may use to analyze files interactively.

Think of a virtual machine that you run a version of Windows on plus added malware scan tools and data information tools.

Setup asks for an email and password, and requires that you verify the email address before you are can start using the service.

The main page of the service displays lots of information. Particularly useful is the new task button at the top to start a new analysis, and the history feature which lists previous activity.

Note: The free community version has several limitations. It only supports Windows 7 32-bit as virtual environment which means that you can't use it to analyze the behavior of 64-bit files in that version. The maximum file size is set to 16 Megabyte, and you only get some playing around-time in the sandbox before a recording is displayed. Last but not least, any file you upload to the service can be downloaded by anyone. Make sure you don't upload confidential or important files to it.

A click on the new task icon displays the basic task dialog. You use it to select a local file or URL that you want to analyze. You may switch to the advanced mode where you find options to limit access to users with the link or only you, add command line parameters, and make other modifications.

Some of the locked options, the ability to limit file exposure, modify networking parameters, change the running time of the sandbox, or switch to another version of Windows or architecture, are only available in paid plans. These paid plans are not available yet, however.

While pricing information is not available yet, we know already that there are three paid plans. All improve the timeout period for the analysis, increase the maximum file size, give you faster and better storage, and add useful features such as video recording, reboot support, or MITM proxy support for HTTPS to the environment. Only the two largest plans support different operating system environments (Vista, Windows 8.1 and Windows supported in 32-bit and 64-bit architectures.

The analysis

file analysis loads the analysis tool after you configured the new analysis. You get a virtual sandboxed environment that you can interact with, and panes listing all kinds of information.

Interactivity is what sets apart from other services. You can use it to analyze the installation of a software program or the running of a file, check whether an Office document is clean, or if a website behaves in a suspicious manner.

While you are limited to 60 seconds of interactivity in the free version, it is usually enough to complete installations and the loading of files. You are free to interact with the environment during that time; you may open Windows Explorer or the Task Manager, and any other program that is on the system. displays lots of information that it picks up while you interact with the sandbox:

  • Process information -- lists the processes that the file starts, stops, or uses. You see if the analyzed program kills other processes, creates new Services or Tasks, or check out launched processes in detail to find out about Registry modifications, library use and more.
  • Network information -- displays details about network requests, e.g. outbound connections, DNS requests. This includes information about IP addresses, domains, and send and receive bits of data, and download PCAP data.
  • Files -- lists files associated with the analyzed file.
  • Debug -- debug output. lists all network connections a program makes and how it interacts with the underlying system.

What can you use it for?

The service is well suited to analyze any type of file but you get the most out of it if the file requires interaction. Think of software installation dialogs that you need to click through or programs that display various options when you run them. lists activity of the file in its interface; handy to find out if it makes network connections without informing the user about them, modifies critical system components, or makes other unwanted modifications to the system.

Closing words

While you can use to analyze any file that is within the boundaries of what is supported by the free account, the option to interact with the file in a sandboxed environment is what sets it apart the most from other malware analysis services.

The limitations of the free account limit what you may use it for: you can use it to analyze 32-bit software on Windows 7, can't change the visibility of the analysis to private, and can't select files larger than 16 Megabytes.

Still, is a good option for users who want to analyze -- some -- files before they run them on their own machines.

Now You: How do you analyze files before you run them? (via Bleeping Computer)

Related articles

Interactive Malware Analysis Tool Any.Run launches
Article Name
Interactive Malware Analysis Tool Any.Run launches
Any.Run, an interactive malware analysis tool based in Russia opened its doors to the public yesterday. A free community version is available at the time which allows anyone to register an account and start analyzing Windows programs, scripts and other files.
Ghacks Technology News

Previous Post: «
Next Post: «


  1. Kronos said on April 10, 2019 at 10:04 pm

    Long time US based researcher here. Commenting after seeing silly comments above.

    This is a good tool. I have used it many times and there are always excellent results.

    DON’T be AFRAID by stigmas, negative organizations exist in EVERY country.

  2. iponymous said on March 8, 2018 at 10:15 pm

    This would be ideal installed on an android phone

  3. Rick said on March 8, 2018 at 4:12 pm

    Sandboxie, VM with snapshot. A free service with 32bit restrictions on Win 7 is pretty useless

  4. Anonymous said on March 8, 2018 at 1:46 pm

    I would not trust any software made in Russia, sorry.

    1. Stefan said on March 9, 2018 at 4:59 am

      I don’t trust any software made in USA due to all backdoors NSA, CIA, FBI and Pentagon has in them ! USA has become Soviet Union 2.0 (search online for that).

    2. another anon said on March 8, 2018 at 3:17 pm

      Should we also assume that every single piece of software made in US and UK is tied to NSA and GCHQ? No?

      Pot, meet kettle.

      1. Anonymous said on March 9, 2018 at 11:22 pm

        I’m sorry, but the US government does not “relocate” its citizens to the gulags for not following orders, which cannot be said for Russia.

      2. Randy Brown said on March 9, 2018 at 4:13 am

        Good point, dudeXD

  5. Yuliya said on March 8, 2018 at 10:05 am

    Unless it’s some piece of software I fully trust (AIMP, VLC, 7zip..) I run it in a snapshotted VM first to see what it breaks. Sometimes legit software, but poorly designed, which has made some file associations, won’t let those extensions go even after uninstall, in which case it won’t make it to my real Win7 install.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.