Reputation and intelligence pivots
Review hashes, URLs, domains, IP addresses, detections, comments, relationships, raw JSON, and advanced VirusTotal endpoints when licensed.
Pre-launch product site for malwareinfo.app
Malware INFO helps analysts and researchers investigate suspicious Windows malware that may evade ordinary detection, using local evidence, YARA and signature rules, behavior scoring, VirusTotal context, and real-time observations from one focused workstation.
Clear positioning
Malware INFO is not designed to replace your antivirus, EDR, XDR, or SIEM. It is designed to help analysts research suspicious files and behavior that deserve a second look, preserve investigation evidence, and make practical decisions without hiding verdicts behind opaque cloud logic.
Core capabilities
The current build combines lookup, scan, containment, reporting, and real-time evidence views for analysts who need clarity when a suspicious file, process, or persistence signal does not fit ordinary detection results.
Review hashes, URLs, domains, IP addresses, detections, comments, relationships, raw JSON, and advanced VirusTotal endpoints when licensed.
Run known-bad hash checks, HEX signatures, YARA rules, memory and persistence review, and custom folder or drive scans.
Score suspicious process behavior, command lines, persistence, network hints, trust state, PE context, and analyst-review signals.
Monitor file, process, registry, network, quarantine, and timeline activity through a background Guard Service and analyst-facing console.
Move confirmed threats out of active use while preserving original path, SHA-256, detection source, metadata, and restore context.
Prepare encrypted private hash, signature, and YARA packages for organizations that need controlled distribution of sensitive detections.
Edition preview
Edition availability and customer access details will be announced closer to the first public release.
For learners and general users who need basic malware lookup and local investigation.
For SOC analysts, malware analysts, DFIR learners, and security researchers.
For teams with private intelligence, local update, and future endpoint policy needs.
Analyst workflow
Malware INFO is strongest when an analyst needs practical, readable evidence: reputation context, local scan results, live process activity, persistence signals, quarantine state, and exportable reports.
Private intelligence
The Management workspace is designed for organizations that need to convert internal hash, signature, and YARA rules into encrypted private packages for controlled endpoint use.
Planned direction
The roadmap is presented as direction, not a replacement for mature EDR/XDR platforms. Stability, code signing, and analyst trust come first.
Improve installer trust, publish SHA-256 hashes, and maintain clear release notes.
Advance from file-event monitoring toward pre-execution checks, ransomware scoring, and response controls.
Provide account login, machine-bound license delivery, offline installers, and Enterprise package access.
Plan for local update control, private rule deployment, report destinations, and endpoint visibility.
Explore driver-backed visibility only after signing, testing, and stability requirements are mature.
Publish workflow guides for lookup, scanning, Guard, database management, reporting, and safe handling.
Release status
Malware INFO is being prepared for its first public release. This page will provide the official installer, SHA-256 hash, release notes, and GitHub release mirror when available.
Security and privacy
Reports, logs, quarantine metadata, and scan findings are designed to remain readable and useful to the analyst.
VirusTotal features require appropriate API access. Sensitive internal files should not be uploaded unless the organization permits it.
Enterprise private packages are designed to expose detection logic only in supported workflows, not as plain text rule files.