Mass Malware Analysis: A Do-It-Yourself Kit

Theory, practice and a construction manual for an automated analysis station for malware using trivial and free instruments.

Publication Date

October, 14th 2009


Christian Wojner




You can download the full document in pdf format here.


This paper outlines the relevant steps to build up a customizable automated malware analysis station by using only freely available components with the exception of the target OS (Windows XP) itself. Further a special focus lies in handling a huge amount of malware samples and the actual implementation at As primary goal the reader of this paper should be able to build up her own specific installation and configuration while being free in her decision which components to use.


The first part of this document will cover all the theoretical, strategic and methodological aspects. The second part is focusing on the practical aspects by diving into's automated malware analysis station closing with an easy to follow step-by-step tutorial, how to build up's implementation for your own use. So feel free to skip parts.