VMRay Analyzer

The Gold Standard for Advanced Threat Detection & Analysis

Catch the threats that others miss

Incorporating many industry “firsts” and “bests”, VMRay Analyzer empowers DFIR and SOC teams to

Get what matters most to you

Engineered for evasion resistance

VMRay Analyzer runs solely in the hypervisor layer, an unprecedented engineering feat that allows monitoring to take place from outside the analysis environment. By always remaining invisible, VMRay defeats even the most evasive techniques built into advanced threats.
evasion resistance
Full visibility into malicious behavior

As malware or phishing URL are detonated in our detection & analysis platform, VMRay transparently monitors every interaction with the target machine, logging all control flow mechanisms, calling conventions and privilege levels. With complete and continuous visibility into malicious behavior, the SOC team can quickly and accurately triage the most urgent threats for further investigation or mitigation.
All signal, no noise.

Noisy results are a daily frustration for SOC analysts and managers. Excessive noise impedes manual investigations, and discourages efforts to automate the sharing of results, because doing so propagates the weaknesses of those results to other systems.

VMRay’s Intelligent Monitoring generates concise and focused output that only addresses the malware or URL’s core behavior. This eliminates false positives, streamlines analysis, and scales automated detection.
evasion resistance
Continuously being tested.
Consistently winning.

As the saying goes: you can fool some of the people some of the time but you can’t fool Analyzer.

With brand new advanced threats entering the cybersphere every second, it is inevitable that some will slip through your EDR defenses.

Analyzer helps you fill the gaps and cover the blind spots: it is the last bastion and your ultimate source of truth. Built by industry pioneers and having stood the test of time for over 10 years, Analyzer catches what others can’t.
evasion resistance
Complete coverage on Windows and macOS

The Cloud version of VMRay Analyzer includes support for the latest Windows Redstone operating system as well as macOS Catalina. The following file types can be analyzed.
evasion resistance

Achieve complete visibility to malicious behavior

With Analyzer, you get a multitude of ways to see the detection and analysis results:

  • Dashboards with high-level verdict summaries and the lowest-level of detailed reports are available in the Web Interface.
  • Brandable PDF reports can be customized and shared among the team or with management.
  • Complete result sets are available in a single JSON file.
  • The Analysis Archive provides a comprehensive collection of all related IOCs and artifacts compressed into a single file, ideal for sharing, archiving and performing the deepest possible analytical dives.
    Your super-techies will love it!

Reach out with Comprehensive Connectivity

Analyzer will quickly become an essential component in your security ecosystem, and so it needs to talk to all or your other components:

  • Pre-built Connectors make it easy to not only input from other systems, but also, output to other systems, and for this we have Connectors to Splunk, MISP, IBM Resilient, Carbon Black, Cybereason, SentinelOne, Rapid7, Swimlane, ThreatConnect and many more.
  • Syslog and other common SIEM and SOAR formats are also supported for easy integration with a SIEM or SOAR system of your choice.
  • For custom-building your own connections, our brand new Analyzer REST API Integration Kit, which includes pre-defined sample code of the most common operations, means you can be talking to Analyzer within minutes. Comprehensive documentation helps you program it to do anything within days.

Featured Technologies

Intelligent Monitoring:

Allows VMRay to stay invisible to evasive malware as it runs solely in the hypervisor layer and without affecting the analysis environment.

Learn more

Smart Memory Dumping:

Advanced triggers to accurately dump and store relevant memory buffers of analyzed malware in real time that enables timely detection.

Learn more

Machine Learning

Fed by the highest quality input data derived from our analysis, our Machine Learning model improves our capabilities to detect the undetectable.

Learn more

Explore 30+ unique technologies

VMRay Analyzer Core Capabilities

Automated IOC Extraction

VMRay automatically generates IOCs with every analysis. It applies VMRay Threat Identifier (VTI) rules to flag and score artifacts, filtering out the noise and providing true, actionable IOCs.


Frequently Asked Questions

What is a Malware Sandbox

A malware sandbox is a cyber security term referring to a specifically prepared monitoring environment that mimics an end-user operating machine.

Malware sandboxes represent an important tool in the arsenal of security teams and are used to safely observe the behavior of suspicious file or URL in a controlled environment without risking infection of the host machine.

VMRay keeps adding new blocks to its groundbreaking sandbox by continuously developing new cutting-edge technologies to stay ahead of the attackers.


Contact Sales


Trial licenses



Sign up for monthly PDS eNewsletter -->