Payload Security is an online service that analyzes files in virtual environments to determine whether they are potentially malicious in nature.
It can best be describes as a free analysis environment on the Internet that runs the selected file through a series of tests that include, among other options, running the file in a virtual environment, testing it with multiple antivirus engines, and observing behavior when run on a system.
What is particularly interesting about this is that it displays several analysis options to users after a file has been selected for analysis. You may select an analysis environment — Windows 7 32-bit, Linux and Android are available — select different action scripts, the runtime duration, and even pass custom execution parameters.
You need to accept the terms of service, and may enter an email address if you want to be notified when the scan completes.
The scan itself is queued, and the queue position is displayed on the screen. The queue was relatively short, around 10 entries, when I ran tests. The scan itself takes a couple of minutes to complete, but usually not longer than that.
The page that is displayed in the end offers very extensive information. You can check out this page, a scan of the Textify program which I reviewed recently, for details on how that looks like.
Here are a couple of highlights:
- How 66 different antivirus vendors classify the file.
- Whether an extracted file was identified as malicious, and how it was classified.
- A list of indicators that are flagged as suspicious, e.g. whether IP or URLs are found that were flagged as malicious by an engine, whether it can create remote threads, or if it reads the computer name.
- A list of informative indicators, for instance if it reads the Registry for installed applications, scans for window names, or drops files.
- File details such as the hash and language, file classification using TrlD, and version information.
- Information about included files and file imports, extracted files (sorted by flagged / not flagged).
- Screenshots of installation or program execution.
- Process and network analysis.
- Extracted strings.
The information that Payload Security provides is very helpful in determining whether a file is potentially malicious in nature. There is still the chance of false positives, for instance when antivirus engines flag one or multiple of the included files wrongly as malicious.
Payload Security is a handy online security scanner that you may use to find out more about files before you execute them on your system. It’s analysis of files includes screenshots, data from dozens of antivirus vendors, and information taken from execution in virtual environments.
Now You: Which service do you use to analyze files?