Why MetaDefender Sandbox?
MetaDefender Sandbox (previously known as OPSWAT Filescan Sandbox) is a comprehensive malware analysis platform that integrates advanced tools, services, and proprietary engines to focus on Indicators of Compromise (IOCs) and threat extraction from files, documents, scripts, and URLs at high speed and scale. It offers deeper insights than traditional static analysis tools, providing actionable intelligence in more cases. Its unmatched speed significantly reduces the number of artifacts requiring sandboxing, streamlining the analysis process.

For example, using a cutting-edge, unique emulation engine, even extremely obfuscated, state-of-the-art, environment-aware malware can be de-obfuscated and dissected in less than 15 seconds. Furthermore, any relevant IOCs (e.g. second-stage download files or URLs) are automatically cross-checked against threat intelligence databases to provide accurate attribution.
With a simple RESTful HTTP-based API and an open and agile architecture, Filescan offers easy integration into various platforms and corporate systems. The on-premises instance can be deployed on a single server and instantly allows processing of thousands of files/URLs per day. The web interface comes with very user-centric reports that are easy to understand and contain in-depth data if needed.
Key features include:
- Extracts Indicators of Compromise (IOCs) from a wide range of executables, documents, scripts, and URLs
- Emulates 90%+ of highly obfuscated state-of-the-art macro malware (VBA), VBS, PowerShell, JScript, MSHTA, XSL, WSF
- Rapid & deep analysis at high scale (50K+ scans per day per machine)
- REST API for automated integration
- Integrates with VirusTotal, YARA, MITRE ATT&CK framework and more
- Clean and intuitive reports with in-depth data on demand, exportable as HTML, PDF, MISP, and STIX
- Simple and cost-effective on-premises standalone deployment or private cloud
- Designed, engineered, and maintained by experienced industry experts
An overview of all features is available on the up-to-date product page: https://www.opswat.com/products/metadefender/sandbox