Pre-launch product site for malwareinfo.app

A Windows malware research tool for suspicious files, behavior, and zero-day triage.

Malware INFO helps analysts and researchers investigate suspicious Windows malware that may evade ordinary detection, using local evidence, YARA and signature rules, behavior scoring, VirusTotal context, and real-time observations from one focused workstation.

Evidence layers
Lookup, scan, behavior, guard
Target users
SOC, DFIR, malware analysis
Platform
Windows analyst workstation
Malware INFO home screen showing protected system status and scan activity

Clear positioning

Not an EDR replacement. Built to research what ordinary detection may miss.

Malware INFO is not designed to replace your antivirus, EDR, XDR, or SIEM. It is designed to help analysts research suspicious files and behavior that deserve a second look, preserve investigation evidence, and make practical decisions without hiding verdicts behind opaque cloud logic.

Core capabilities

Focused tools for local malware investigation.

The current build combines lookup, scan, containment, reporting, and real-time evidence views for analysts who need clarity when a suspicious file, process, or persistence signal does not fit ordinary detection results.

Lookup

Reputation and intelligence pivots

Review hashes, URLs, domains, IP addresses, detections, comments, relationships, raw JSON, and advanced VirusTotal endpoints when licensed.

Scan

Hash, signature, and YARA evidence

Run known-bad hash checks, HEX signatures, YARA rules, memory and persistence review, and custom folder or drive scans.

Zero-Day

Behavioral triage, not blind deletion

Score suspicious process behavior, command lines, persistence, network hints, trust state, PE context, and analyst-review signals.

Guard

Real-time research observations

Monitor file, process, registry, network, quarantine, and timeline activity through a background Guard Service and analyst-facing console.

Containment

Quarantine with evidence preservation

Move confirmed threats out of active use while preserving original path, SHA-256, detection source, metadata, and restore context.

Enterprise

Private intelligence workflows

Prepare encrypted private hash, signature, and YARA packages for organizations that need controlled distribution of sensitive detections.

Malware INFO lookup screen with reputation result tabs
Lookup and intelligence review
Malware INFO scan workspace with scan options
Layered scan workflows
Malware INFO Real-time Guard monitor screen
Real-time Guard console

Edition preview

Free for entry workflows, paid editions for analyst and team capability.

Edition availability and customer access details will be announced closer to the first public release.

Free

For learners and general users who need basic malware lookup and local investigation.

  • Hash, URL, domain, and IP lookup
  • Basic and Advanced Scan
  • Quarantine review
  • Reports and Database Manager

Professional

For SOC analysts, malware analysts, DFIR learners, and security researchers.

  • Everything in Free
  • Zero-Day Scan
  • Intelligence Search and API Explorer
  • Real-time Guard and Guard Service

Enterprise

For teams with private intelligence, local update, and future endpoint policy needs.

  • Everything in Professional
  • Management workspace
  • Private Database Builder
  • Local update server workflow

Analyst workflow

Move from indicator to evidence without losing context.

Malware INFO is strongest when an analyst needs practical, readable evidence: reputation context, local scan results, live process activity, persistence signals, quarantine state, and exportable reports.

  1. 01 Paste or upload an indicator for lookup.
  2. 02 Review reputation, detections, comments, relationships, and raw evidence.
  3. 03 Scan local files, memory, persistence, signatures, and YARA rules.
  4. 04 Run Zero-Day triage when behavior looks suspicious.
  5. 05 Quarantine confirmed threats or preserve findings for review.
  6. 06 Export reports and hand off evidence to the incident team.

Private intelligence

Enterprise workflows keep sensitive detections protected at rest.

The Management workspace is designed for organizations that need to convert internal hash, signature, and YARA rules into encrypted private packages for controlled endpoint use.

Malware INFO Enterprise Management workspace for private database preparation

Planned direction

A practical path toward stronger suspicious-malware research.

The roadmap is presented as direction, not a replacement for mature EDR/XDR platforms. Stability, code signing, and analyst trust come first.

Signed release pipeline

Improve installer trust, publish SHA-256 hashes, and maintain clear release notes.

Stronger real-time protection

Advance from file-event monitoring toward pre-execution checks, ransomware scoring, and response controls.

Customer portal

Provide account login, machine-bound license delivery, offline installers, and Enterprise package access.

Enterprise policy

Plan for local update control, private rule deployment, report destinations, and endpoint visibility.

Kernel-level research

Explore driver-backed visibility only after signing, testing, and stability requirements are mature.

Transparent documentation

Publish workflow guides for lookup, scanning, Guard, database management, reporting, and safe handling.

Release status

Public download is not available yet.

Malware INFO is being prepared for its first public release. This page will provide the official installer, SHA-256 hash, release notes, and GitHub release mirror when available.

Planned official domain malwareinfo.app Release assets Installer, hashes, changelog, documentation Customer portal Planned for license delivery and Enterprise downloads

Security and privacy

Built for transparent investigation.

Local-first evidence

Reports, logs, quarantine metadata, and scan findings are designed to remain readable and useful to the analyst.

Careful third-party use

VirusTotal features require appropriate API access. Sensitive internal files should not be uploaded unless the organization permits it.

Private rule handling

Enterprise private packages are designed to expose detection logic only in supported workflows, not as plain text rule files.