Malware Analyzer G2

Advanced threat intelligence powered by Norman SandBox® and IntelliVM

The Norman Malware Analyzer G2 provides industry-leading Hybrid SandBoxing, technology that enables IT and security teams to run suspicious artifacts through the award-winning Norman SandBox®, and concurrently analyze the code in Norman’s virtualized IntelliVM modules.  Norman’s Hybrid SandBoxing combines the traditional emulated sandbox with IntelliVM technology for comprehensive threat detection.  The dynamic analysis capabilities of the Malware Analyzer product s are unmatched by any other products.

Malware Analyzer Benefits

  • Powerful Data Mining and Threat Assessment - Hybrid SandBoxing produces intelligence unmatched by any other solution
  • Web-Based Analysis Desktop management dashboard console. Users can search the malware intelligence and collection database, storing samples, reports, and events
  • Scalable Architecture - Process hundreds of thousands of files per day with parallel sample processing
  • Rapid Deployment – Integrates into many different environments and workflows with flexible APIs
  • Ease of Use - Drill-down to effortlessly generate the intelligence of a seasoned reverser for more advanced risk assessment
  • Flexible Reporting - Customizable intelligence reports with real-time incident alerting

Malware Analyzer Features

  • G2 Analysis Framework - Detects unknown and advanced threats
  • Norman IntelliVM – Offers greater control over test environments and structured storage of samples for superior behavioral analysis
  • Norman SandBox – Offering multiple profiles, Norman’s patented SandBox is a proven weapon against cyber threats
  • Code Interrogator Pattern Matching - Transfer existing analysis expertise to automatically compute custom risk scores
  • Supports multiple VMs with Windows XP® and Windows 7® base OSes, and unlimited software configurations
  • Plugin architecture allows environment preparation, execution control, post-processing analysis and data collection using Python scripts
  • RESTful API (RAPI) allows integration into many different environments and workflows
  • Scan files from a website based on URLs


Norman has taken malware analysis to the next level with a hybrid sandboxing model. By integrating the latest virtualization technology with the award winning Norman SandBox, Norman has combined the benefits of code emulation with VM introspection to offer unmatched threat intelligence

IntelliVM images can be fully customized, giving analysts the ability to analyze any threat type, in any version of any application they choose. IntelliVM can be tailored to match your organizations desktop environments, gathering intelligence on malware targeting your environment and specific application vulnerabilities.

> Read More


Norman SandBox®, a pro-active anti-malware technology,  is a fully emulated Windows environment clone for simulating code execution, built to fight cyber threats. The operating system, software, system hardware, and network are all simulated, unlike any other tool on the market. Focused on analyzing malicious threats, Norman Sandbox enables quick adaptation to the changing threat landscape.

> Read More

Comprehensive Malware Defense with Norman Network Protection

When the Malware Analyzer G2 (MAG2) MAG2 is deployed with Norman Network Protection (NNP), the interception and discovery of malicious files in your network is simplified.  NNP collects files on the wire, detects known malware and delivers payloads from unknown threats to the MAG2 for deep malware analysis. Once analysis is completed in MAG2, security teams have actionable intelligence to remediate the damage from the malware. In addition, MAG2 provides NNP with detection criteria for the malware so that future attacks can be blocked.