UPDATE 13/3/2020: Interactive (and hopefully current) version of the table may be found here.
Whether your work has anything to do with security monitoring, malware analysis, incident response, or just general IT administration, you’ve probably come across VirusTotal. It is an invaluable tool when it comes to identifying malicious code, however sometimes we need to dig a bit deeper than just getting a “detection score” for a potentially dangerous file. In such instances, we may turn to free online sandboxes (or paid or local ones, if we have access to them, but let’s assume we don’t), which can provide us with more detailed information about the behavior of our file by executing or opening it in a virtual environment and monitoring its activities.
There have been many such tools over the years. But since some of the old ones are not working anymore (malwr.com to name one), while others appeared only relatively recently, I thought it might be interesting to take a look at what free sandboxes and analytical platforms are available to us at the beginning of 2020 and what their features are.
After going through all the free online sandboxes I could find, I picked out nine, which I believe are most useful, and summarized their features in the following table. I should mention that I intentionally didn’t put in it “specialized” sandboxes, such as AMAaaS, as I was mainly going for general-use platforms. Although the table is therefore far from being exhaustive, I think it may provide a useful quick reference to what you can get and where you can get it if you need to analyze (potentially) malicious files under specific conditions.
It should be noted that at the time of writing, none of the free sandboxes mentioned bellow support private submissions. This means that any uploaded files may be accessible to other users and/or organizations and it would therefore be unwise to upload anything sensitive to any of the platforms.