Sandbox/Automation

URL-ANALYZER

URL Analyzer checks potentially malicious URLs by analyzing the browser's behavior. It supplements Joe Sandbox Light, enabling analysis of around 9,000 unique URLs per day on a single server.

FILE-ANALYZER

File Analyzer analyzes the behavior of potentially malicious executables such as *.exe, *.dll and *.sys files. It supplements Joe Sandbox Desktop.

DOCUMENT-ANALYZER

Document Analyzer is an automated and generic malware analysis platform for detecting malicious documents. It supplements Joe Sandbox Desktop with a configuration for document analysis.

APK-ANALYZER

APK Analyzer is a generic platform for automated analysis of Android Application Package (APK) files. It supplements Joe Sandbox Mobile.

What is Cuckoo Sandbox?

In three words, Cuckoo Sandbox is a malware analysis system.

What does that mean? It simply means that you can throw any suspicious file at it and in a matter of seconds Cuckoo will provide you with detailed results outlining what that file did when executed inside an isolated environment.

Why should you use it?

Malware is the Swiss-army knife of cybercriminals and any other adversary to your corporation or organization.

In these evolving times, detecting and removing malware artifacts is not enough: it's vitally important to understand how they work, what they would do or did on your systems when deployed, and the context, motivations and goals of a breach.

In this way you are able to understand the incident more effectively, respond to it and protect yourself for the future.

There are countless other contexts where you might need to deploy a sandbox internally, from analyzing an internal breach to proactively scouting widely distributed threats, collecting actionable data and analyzing the ones actively targeting your infrastructure or products.

In any of these cases you'll find Cuckoo to be perfectly suitable, incredibly customizable and, well... free!

What is Malwr?

Malwr is a free malware analysis service and community launched in January 2011. You can submit files to it and receive the results of a complete dynamic analysis back.

Mission

Existing online analysis services are all based on closed and commercial technologies, often with the intent to leverage people's data for their own profit and with no real transparency on how the data is being used. We are researchers ourselves and felt the need for an alternative solution.

Our mission is to provide a powerful, free, independent and non-commercial service to the security community and to independent or academic researchers, with no other goal than facilitating everyone's daily work and contributing to the community.

Independent

Malwr is operated by volunteer security professionals with the exclusive intent of helping the community. It is not associated with or influenced by any commercial or government organization of any sort.

Know Your Exposure to Cyber Threats

ThreatAnalyzer is the industry's only malware analysis solution that enables you to completely and accurately quantify the risk and exposure your organization faces from any malware threat.

As a fully customizable platform, ThreatAnalyzer enables you to recreate your entire application stack (including virtual and native environments) in which you can detonate malicious code to see exactly how malware will behave across all your network and system configurations. Moreover, custom malware determination rules help you fine-tune ThreatAnalyzer to be on the alert for the suspicious behavior and activity that concern you most, such as anomalous access to sensitive systems, data exfiltration to foreign domains, queries made to custom applications and more.

Within minutes of detonating a malware sample, you will know exactly which system configurations on your network are vulnerable to any threat, enabling you to respond instantly by isolating systems and implementing defenses to prevent infections.

Mobile-Sandbox

Mobilesandbox.org and the alias Mobile-Sandbox.com are part of the MobWorm project and provide static and dynamic malware analysis for Android OS smartphones.

This service is still under continuous development and is run purely as a research tool and a best-effort service. We reserve the right to take it down at any point for maintenance or other reasons.

Provide an Android application file (apk-file) and the Mobile-Sandbox will analyze the file for any malicious behaviour.

Droidbox

DroidBox is developed to offer dynamic analysis of Android applications. The following information is shown in the results, generated when the analysis has ended:

  • Hashes for the analyzed package
  • Incoming/outgoing network data
  • File read and write operations
  • Started services and loaded classes through DexClassLoader
  • Information leaks via the network, file and SMS
  • Circumvented permissions
  • Cryptography operations performed using the Android API
  • Listing of broadcast receivers
  • Sent SMS and phone calls

Additionally, two images are generated visualizing the behavior of the package: one showing the temporal order of the operations and the other a treemap that can be used to check similarity between analyzed packages.

Buster Sandbox Analyzer

Buster Sandbox Analyzer is a tool that has been designed to analyze the behaviour of processes and the changes made to the system, and then evaluate whether they are suspicious of malware.

The changes made to the system can be of several types: file system changes, registry changes and port changes.

A file system change happens when a file is created, deleted or modified. Depending on what type of file has been created (executable, library, JavaScript, batch, etc.) and where it was created (which folder), we will be able to get valuable information.

Registry changes are changes made to the Windows registry. In this case we will be able to get valuable information from the modified value keys and the newly created or deleted registry keys.

Port changes are produced when a connection is made outwards, to other computers, or a port is opened locally and starts listening for incoming connections.

From all these changes we will obtain the information necessary to evaluate the "risk" of some of the actions taken by sandboxed applications.

Watching all these operations in an easy and safe manner is possible thanks to Sandboxie (http://sandboxie.com), an excellent tool created by Ronen Tzur.

Even if Buster Sandbox Analyzer's main goal is to evaluate whether sandboxed processes show malware behaviour, the tool can also be used simply to obtain a list of changes made to the system, so if you install a piece of software you will know exactly what it installs and where.

Additionally, apart from system changes, we can consider other actions as suspicious of malware: keyboard logging, ending the Windows session, loading a driver, starting a service, connecting to the Internet, etc.

All of the above operations can be considered not malicious, but if they are performed when not expected, that is something we must take into consideration. Therefore it is not only important to consider what actions are performed; it is also important to consider whether it is reasonable for certain actions to be performed.

Payload Security (hybrid-analysis.com)

Welcome to the webpage of Payload Security, an IT-security startup company located in the heart of Germany. We develop automated malware analysis systems with VxStream Sandbox as our main product. Our systems come with Hybrid Analysis, a unique technology that can extract more malicious behavior than comparable systems. Please take your time to read about our unique technology and what we have to offer.
