Product Overview

Home / Product Overview

SecondWrite adds another dimension to malware analysis by including a component on deep program analysis at run time. This pushes the envelope of malware detection.

As opposed to other solutions where malware is able to hide itself, our patented technology acts as a lie detector that analyzes all the code in the malware by using complete code exploration. Other sandboxes handle evasion after the fact. Our technology is independent of the underlying evasive mechanism and proactively defeats any known or unknown zero-day evasion techniques.

Other solutions achieve only partial visibility into malware by examining its OS-level behavior only. SecondWrite’s solution achieves complete visibility into malware by examining Program-level behavior in addition to OS-level behavior.  This can be used to detect anti-analysis malware. Anti-analysis malware is malware that hides from a variety of detection tools, such as anti-virus (AV), endpoint, debugging, sandbox, and reverse engineering tools. Other tools cannot detect this anti-analysis behavior since it cannot be detected using OS-level monitoring alone. We can detect such behavior by combining OS-level and Program-level behavior. When present, such anti-analysis behavior is a good indicator of malicious intent.

Product Features


Zero-day evasions, Targeted attacks, Stalling code, Anti-VM malware, time bombs and others.

Capture Anti-Analysis IOCs

These include internal program structure, anti-debugger, anti-endpoint, anti-binary analyzer, and obfuscation.

Easy-to-use API

Integrates easily with other security solutions.

Handles all file types

  • Windows executables.
  • Windows DLLs
  • .NET executables
  • PDF
  • MS Word (.DOC and .DOCX)
  • MS PPT (.PPT and .PPTX)
  • MS Excel (XLS and XLSX)
  • HTML
  • URLs
  • Archives (.zip, .rar, 7z, .iso, .tar, .gz,.bz2)

SecondWrite’s advanced malware sandbox detects and stops all types of malware including advanced evasive malware. Our sandbox is meant for use by at least the following customer segments:

  • Security operations centers (SOCs) at enterprises
  • Incidence response (IR) teams
  • Computer Emergency Response Teams (CERT)
  • Managed security service providers (MSSPs)
  • Threat intelligence vendors
  • Network security companies
  • Endpoint security vendors

In each of these segments, the customer submits files to our sandbox for evaluation. Our sandbox then returns a report for each file describing its dynamic behavior.


70% more indicators of compromise detected on randomly selected malware data sets than a leading sandbox containing ad-hoc anti-evasive techniques.

Handles all kinds of evasive malware. Other bare-metal or full-system emulation only handle anti-VM malware.

Handles zero-day or previously unknown evasions. Ad-hoc techniques used in other sandboxes are easily circumvented by advanced malware.

Example Comparison

Below find the indicators of compromise (IOCs) extracted from Rombertik, a highly evasive widespread spyware that steals confidential information from victims and was highly active in 2015. All IOCs marked as new were detected due to SecondWrite’s unique binary rewriting technology. SecondWrite sandbox shows around 2X more IOCs than other sandboxes.

With SecondWrite