My library

+ Add to library

Contact us
24/7 Tech support | Rules regarding submitting

Send a message

Your tickets


Dr.Web vxCube

Intelligent and interactive analyses of suspicious objects (sandbox)

  • Choose between the cloud-based and on-premise versions
  • Integrate it into an existing infrastructure
  • Set up an environment where objects can be analysed
  • Custom Dr.Web CureIt! builds for neutralising specific threats
  • For security researchers and cybercrime investigators
Buy now Get trial Buy from partners Dr.Web vxCube sign in


How it works


  • Examine suspicious objects online by analysing their behaviour in an isolated virtual environment on Doctor Web's servers
  • Set up a custom environment where objects can be analysed
  • Analyse one object simultaneously in Windows XP x32, Windows 7 x32/x64, and Windows 10 x64, and with various versions of relevant applications. A detailed list of the programs on the virtual machines can be found in the documentation
  • Analyse Android APK packages (including their requested permissions and their intended behaviour)
  • Use Dr.Web Parental Control databases to determine whether remote network nodes pose a threat
  • Reproduce any of the suspicious object’s actions in the virtual environment
  • Receive a technical report about the malware’s behaviour (including a video) as well as a map of its network activity Report examples
  • Reports from previous analysis sessions in your account area
  • Export threat indicators in STIX/MAEC
  • Upload and analyse .msi files
  • Integrate Dr.Web vxCube with your corporate IT infrastructure and automatically receive analysis reports.
  • Connect to a vxCube virtual machine via a VNC (Virtual Network Computing) viewer and control the file analysis process
  • Generate custom Dr.Web CureIt! builds to neutralise specific threats exposed by Dr.Web vxCube

Dr.Web vxCube can analyse

  • JAVA executable files
  • Windows executable files
  • Android executable files
  • Acrobat Reader files
  • Scripts
  • Microsoft Office/OpenOffice documents and other files
Find out more

To sign in to Dr.Web vxCube and upload a file for analysis, you only need a browser and an Internet connection.

If you want to control the analysis in interactive mode, make sure your browser is not configured to block pop-ups.

As a rule, an analysis is conducted in one minute or less, but if the examiner believes the allotted time won't be sufficient to analyse the suspicious file thoroughly, the desired analysis time can be specified in the settings.

An examined file is launched from the virtual machine's desktop.

The analysis determines the file's harmfulness score (from 0 to 100); a detailed report is also provided. The report contains the list of actions taken by an object and corresponding video footage.

All the analysed program’s actions are filmed. The recording can be used in a subsequent analysis—you can observe the suspicious object in action.

You will also be provided with technical information, including the nodes that the analysed file communicates with, the list of files it creates, the registry entries it alters, and much more. You can view reports in your account area or download them as archive files. Report examples.

  • Per the number of files that can be examined with Dr.Web vxCube. With the on-premise license, an unlimited number of files can be examined during the license term.
  • Additional component: Dr.Web CureIt! – a custom build that will neutralise the threat exposed by Dr.Web vxCube.

The on-premise license only conveys the non-exclusive usage rights from Doctor Web to use the service. To use the on-premise version, partners and customers acquire and set up the required hardware at their own discretion. They also need to acquire a software copy protection device (HASP-key). The corresponding proposal invoices are issued by Doctor Web.

For more information about the license’s price and delivery terms, please submit a request at


Malware analysis by Doctor Web security researchers

No automated routine can ever replace the experience and knowledge of a security researcher. If Dr.Web vxCube returns a “safe” verdict on your analysed file, but you still have your doubts about this result, Doctor Web's security researchers, who have a wealth of experience analysing malware, are ready to assist you.

Anti-virus research request

With this service, a malicious file of any complexity can be analysed. The resulting report includes:

Information about the malware’s basic principles of operation and that of its modules;

An object assessment: downright malicious, potentially dangerous (suspicious), etc.;

An analysis of the malware's networking features and the location of its command-and-control servers

The impact on the infected system and recommendations on how the threat can be neutralised.