Dynamic Malware Analysis Platform

Dynamic Malware Analysis Platform (DMA) is a platform operated by CIRCL, which allows the analysis of potential malicious software or suspicious documents in a secure and virtualized environment.

Users can upload their suspicious software or document files via a web-interface and select a specific target platform. The request is then automatically processed and executed within the selected target. After the execution, additional analysis is performed like memory analysis and comparative analysis. Then a report is made available including all the complete dynamic analysis, memory analysis and additional information.

Can I submit sensitive documents for analysis?

Yes. Unlike some other public services, CIRCL doesn’t share files uploaded into the DMA platform. We strongly commit to protect your privacy and the confidentiality of your documents.

The DMA TLS-based interface allows the user to submit a file for analysis. The user can select the analysis package and the type of operating system to use.

DMA submission interface

What kind of documents or files can be analyzed?

  • Java applets (jar)
  • generic binary data (bin)
  • Control Panel Applets (cpl)
  • Dynamically Linked Libraries (DLL)
  • Microsoft Word documents (doc/docx)
  • Microsoft Excel Document (xls)
  • Windows PE executables (exe)
  • Portable Document Format documents (pdf)
  • Zip archives (zip).

DMA is based on Analysis Packages from cuckoo sandbox.

We are evaluating to add dynamic analysis of Android files (apk). If you need a specific format to be supported, let us know.

What can I do if a dynamic analysis failed or is suspiciously quiet?

Dynamic analysis is not a magical solution. If an analysis fails, you can resubmit the suspicious files to CIRCL for further manual malware analysis.

How to request access?

If you are an organization based in Luxembourg, you can request access by contacting us.

Provided by