{"id":12148,"date":"2025-03-13T10:31:57","date_gmt":"2025-03-13T10:31:57","guid":{"rendered":"\/cybersecurity-blog\/?p=12148"},"modified":"2026-03-19T12:15:01","modified_gmt":"2026-03-19T12:15:01","slug":"pre-installed-dev-tools","status":"publish","type":"post","link":"https:\/\/any.run\/cybersecurity-blog\/pre-installed-dev-tools\/","title":{"rendered":"New Pre-Installed Dev Tools for Deep Sandbox Malware Analysis\u00a0"},"content":{"rendered":"\n<p><a href=\"https:\/\/app.any.run\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=pre_installed_dev_tools&amp;utm_term=130325&amp;utm_content=linktoregistration#register\/\" target=\"_blank\" rel=\"noreferrer noopener\">ANY.RUN sandbox<\/a> just got even more powerful thanks to a&nbsp;new pre-installed development software set&nbsp;in its virtual machines (VMs).&nbsp;<\/p>\n\n\n\n<p>Building on our existing pre-installed sets, we\u2019re introducing this new option to give researchers even more&nbsp;flexibility and advanced tools&nbsp;for analyzing highly specific and complex malware inside the sandbox.&nbsp;<\/p>\n\n\n\n<p>With this update, before <a href=\"https:\/\/any.run\/cybersecurity-blog\/malware-analysis-in-a-sandbox\/\" target=\"_blank\" rel=\"noreferrer noopener\">launching an analysis session<\/a>, users can&nbsp;select the &#8220;Development&#8221; software set&nbsp;to instantly load a specialized toolkit designed for&nbsp;deep malware investigation. This is especially useful for working with&nbsp;Python-based malware, Node.js-based threats and adding deeper debugging and inspection capabilities.&nbsp;<\/p>\n\n\n\n<p>Let\u2019s take a closer look at this latest addition and discover how you can use it!&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Why This Update Matters: Key Benefits&nbsp;<\/h2>\n\n\n\n<p>This&nbsp;new software set significantly enhances malware research&nbsp;by providing tools that cater to specific types of malware. Here\u2019s why we&#8217;ve added this soft set:&nbsp;<\/p>\n\n\n\n<ol start=\"1\" class=\"wp-block-list\">\n<li><strong>Analyze new types of malware (Python\/Node.js-based threats)<\/strong>: Many modern malware samples are written in Python or Node.js, and having the right tools pre-installed makes their analysis more efficient.&nbsp;<\/li>\n<\/ol>\n\n\n\n<ol start=\"2\" class=\"wp-block-list\">\n<li><strong>Improved debugging and reverse engineering:<\/strong> The presence of advanced debuggers and analysis tools&nbsp;helps senior analysts&nbsp;dive deeper into malware behavior, extract insights, and develop better detection techniques.&nbsp;<\/li>\n<\/ol>\n\n\n\n<ol start=\"3\" class=\"wp-block-list\">\n<li><strong>Faster and more efficient research sessions: <\/strong>No more manual installation, just launch the VM, and all necessary tools are available, saving time and improving workflow.&nbsp;<\/li>\n<\/ol>\n\n\n\n<ol start=\"4\" class=\"wp-block-list\">\n<li><strong>Expanding the database of ANY.RUN<\/strong>: By introducing&nbsp;new analysis scenarios, this update&nbsp;broadens the platform\u2019s capabilities, making it more useful for a wide range of malware research and forensic investigations.&nbsp;<\/li>\n<\/ol>\n\n\n\n<!-- CTA Split START -->\n<div class=\"cta-split\">\n<div class=\"cta__split-left\">\n\n<!-- Image -->\n<img decoding=\"async\" loading=\"lazy\" src=\"https:\/\/mcusercontent.com\/663b94f19348582a8dc323efe\/images\/0d88188b-3e89-2314-5a60-cb87e8077326.png\" alt=\"ANY.RUN cloud interactive sandbox interface\" class=\"cta__split-icon\" \/>\n<\/div>\n\n<div class=\"cta__split-right\">\n<div>\n\n<!-- Heading -->\n<h3 class=\"cta__split-heading\"><br>Sandbox for Businesses<\/h3>\n\n<!-- Text -->\n<p class=\"cta__split-text\">\nDiscover all features of the <span class=\"highlight\">Enterprise Suite plan<\/span> designed for businesses and large security teams.\n<br \/>\n<\/p>\n<\/div>\n<!-- CTA Link -->\n<a target=\"_blank\" rel=\"noopener\" id=\"article-banner-split\" href=\"https:\/\/any.run\/cybersecurity-blog\/anyrun-for-enterprises\/\"><div class=\"cta__split-link\">See details<\/div><\/a>\n<\/div>\n<\/div>\n<!-- CTA Split END -->\n<!-- CTA Split Styles START -->\n<style>\n.cta-split {\noverflow: hidden;\nmargin: 3rem 0;\ndisplay: grid;\njustify-items: center;\nborder-radius: 0.5rem;\nwidth: 100%;\nmin-height: 25rem;\ngrid-template-columns: repeat(2, 1fr);\nborder: 1px solid rgba(75, 174, 227, 0.32);\nfont-family: 'Catamaran Bold';\n}\n\n.cta__split-left {\ndisplay: flex;\nalign-items: center;\njustify-content: center;\nheight: 100%;\nwidth: 100%;\nbackground-color: #161c59;\nbackground-position: center center;\nbackground: rgba(32, 168, 241, 0.1);\n}\n\n.cta__split-icon { \nwidth: 100%;\nheight: auto;\nobject-fit: contain;\nmax-width: 100%;\n}\n\n.cta__split-right {\ndisplay: flex;\nflex-direction: column;\njustify-content: space-between;\npadding: 2rem;\n}\n\n.cta__split-heading { font-size: 1.5rem; }\n\n.cta__split-text {\nmargin-top: 1rem;\nfont-family: Lato, Roboto, sans-serif;\n}\n\n.cta__split-link {\npadding: 0.5rem 1rem;\nfont-weight: 500;\ntext-decoration: none;\nborder-radius: 0.5rem;\ncolor: white;\nbackground-color: #1491D4;\ntext-align: center;\ntransition: all 0.2s ease-in;\ndisplay: block;\nz-index: 1000;\nposition: relative;\ncursor: pointer !important;\n}\n\n.cta__split-link:hover {\nbackground-color: #68CBFF;\ncolor: white;\ncursor: pointer;\n}\n\n.highlight { color: #ea2526;}\n\n\n\/* Mobile styles START *\/\n@media only screen and (max-width: 768px) {\n\n.cta-split {\ngrid-template-columns: 1fr;\nmin-height: auto;\n}\n\n.cta__split-left {\nheight: auto;\nmin-height: 10rem;\n}\n\n\n.cta__split-left, .cta__split-right {\nheight: auto;\n}\n\n.cta__split-heading { font-size: 1.2rem; }\n\n.cta__split-text { font-size: 1rem; }\n.cta__split-icon {\nmax-height: auto;\nobject-fit: cover;\n}\n\n}\n\/* Mobile styles END *\/\n<\/style>\n<!-- CTA Split Styles END -->\n\n\n\n<h2 class=\"wp-block-heading\">What\u2019s Included in the New Software Set?&nbsp;<\/h2>\n\n\n\n<p>The&nbsp;pre-installed software set&nbsp;includes essential tools that malware analysts, security researchers, and threat hunters frequently use for analyzing complex threats:&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"585\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/1-1-1024x585.png\" alt=\"\" class=\"wp-image-12159\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/1-1-1024x585.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/1-1-300x171.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/1-1-768x439.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/1-1-1536x877.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/1-1-2048x1169.png 2048w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/1-1-370x211.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/1-1-270x154.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/1-1-740x423.png 740w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>Pre-installed software set for deeper malware analysis<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<h3 class=\"wp-block-heading\">List of Pre-Installed Tools&nbsp;<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Python (latest version)<\/strong>&nbsp;\u2013 Important for analyzing Python-based malware, executing scripts, and automating analysis.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Node.js (latest version)<\/strong>&nbsp;\u2013 Helps in investigating Node.js-based malware and executing malicious scripts in a controlled environment.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>DebugView<\/strong>&nbsp;\u2013 Captures real-time debug output from Windows applications, useful for identifying malware behavior.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>DIE (Detect It Easy)<\/strong>&nbsp;\u2013 A tool for identifying executable file packers, obfuscators, and compilers used by malware authors.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>dnSpy<\/strong>&nbsp;\u2013 A powerful .NET debugger and decompiler, ideal for reverse-engineering malware written in C# or VB.NET.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>HxD<\/strong>&nbsp;\u2013 A hex editor that allows analysts to inspect and modify binary files, memory, and disk structures.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Process Hacker<\/strong>&nbsp;\u2013 An advanced process monitoring tool for tracking system behavior and detecting malicious activity.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>x64dbg<\/strong>&nbsp;\u2013 A dynamic debugger for analyzing malware at the assembly level, often used for unpacking and reverse engineering.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Wireshark PE<\/strong>&nbsp;\u2013 A network protocol analyzer for capturing and inspecting suspicious network traffic during malware execution.&nbsp;<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">How to Use the New Software Set in ANY.RUN&nbsp;<\/h2>\n\n\n\n<p>This\u00a0pre-installed toolset\u00a0is now available for\u00a0ANY.RUN Enterprise Suite users\u00a0running malware analysis on\u00a0<a href=\"https:\/\/any.run\/cybersecurity-blog\/windows-10-sandbox\/\" target=\"_blank\" rel=\"noreferrer noopener\">Windows 10 (64-bit)<\/a>\u00a0virtual machine.\u00a0<\/p>\n\n\n\n<p>Steps to Enable the Pre-Installed Software Set:&nbsp;<\/p>\n\n\n\n<ol start=\"1\" class=\"wp-block-list\">\n<li>Go to <a href=\"https:\/\/app.any.run\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=pre_installed_dev_tools&amp;utm_term=130325&amp;utm_content=linktoregistration#register\/\">ANY.RUN&#8217;s sandbox<\/a> configuration.&nbsp;<\/li>\n<\/ol>\n\n\n\n<!-- Regular Banner START -->\n<div class=\"regular-banner\">\n<!-- Text Content -->\n<p class=\"regular-banner__text\">\nAnalyze complex cyber threats inside the safe and secure <span class=\"highlight\">ANY.RUN Interactive Sandbox<\/span>&nbsp;   \n<\/p>\n<!-- CTA Link -->\n<a class=\"regular-banner__link\" id=\"article-banner-regular\" href=\"https:\/\/app.any.run\/?utm_source=anyrunblog&#038;utm_medium=article&#038;utm_campaign=pre_installed_dev_tools&#038;utm_term=130325&#038;utm_content=linktoregistration#register\/\" target=\"_blank\" rel=\"noopener\">\nSign up for free\n<\/a>\n<\/div>\n<!-- Regular Banner END -->\n<!-- Regular Banner Styles START -->\n\n<style>\n.regular-banner {\ndisplay: flex;\ntext-align: center;\nflex-direction: column;\nalign-items: center;\ngap: 1.5rem;\nwidth: 100%;\npadding: 2rem;\nmargin: 1.5rem 0;\nborder-radius: 0.5rem;\nfont-family: 'Catamaran Bold';\nmargin-inline: auto;\nbackground: rgba(32, 168, 241, 0.1);\nborder: 1px solid rgba(75, 174, 227, 0.32);\n}\n\n.regular-banner__text {\nfont-size: 1.5rem;\nmargin: 0;\n}\n\n.highlight {\ncolor: #ea2526;\n}\n\n.regular-banner__link {\npadding: 0.5rem 1.5rem;\nfont-weight: 500;\ntext-decoration: none;\nborder-radius: 0.5rem;\ncolor: #FFFFFF;\nbackground-color: #1491D4;\ntext-align: center;\ntransition: all 0.2s ease-in;\n}\n\n.regular-banner__link:hover {\nbackground-color: #68CBFF;\ncolor: white;\n}\n<\/style>\n<!-- Regular Banner Styles END -->\n\n\n\n<ol start=\"2\" class=\"wp-block-list\">\n<li>Select Windows 10-64 as the operating system.&nbsp;<\/li>\n<\/ol>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"793\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/2-3-1024x793.png\" alt=\"\" class=\"wp-image-12161\" style=\"width:486px;height:auto\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/2-3-1024x793.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/2-3-300x232.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/2-3-768x595.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/2-3-1536x1190.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/2-3-370x287.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/2-3-270x209.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/2-3-740x573.png 740w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/2-3.png 1678w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure><\/div>\n\n\n<ol start=\"3\" class=\"wp-block-list\">\n<li>In the &#8220;Pre-installed Soft Set&#8221; option, choose &#8220;Development&#8221;.&nbsp;<\/li>\n<\/ol>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"814\" height=\"660\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/4-1.png\" alt=\"\" class=\"wp-image-12162\" style=\"width:488px;height:auto\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/4-1.png 814w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/4-1-300x243.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/4-1-768x623.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/4-1-370x300.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/4-1-270x219.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/4-1-740x600.png 740w\" sizes=\"(max-width: 814px) 100vw, 814px\" \/><\/figure><\/div>\n\n\n<ol start=\"4\" class=\"wp-block-list\">\n<li>Start the analysis session, and the selected tools will be automatically available inside the VM.&nbsp;<\/li>\n<\/ol>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"576\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/3-1-1024x576.png\" alt=\"\" class=\"wp-image-12163\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/3-1-1024x576.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/3-1-300x169.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/3-1-768x432.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/3-1-1536x864.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/3-1-2048x1152.png 2048w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/3-1-370x208.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/3-1-270x152.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/3-1-740x416.png 740w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure><\/div>\n\n\n<p>Let\u2019s look at a couple of practical examples of how this update improves research workflows.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Example 1: Extracting MSI Package Files with Lessmsi&nbsp;<\/h3>\n\n\n\n<p>In the following analysis session, we can see how the&nbsp;Lessmsi tool&nbsp;helps extract files from&nbsp;MSI packages&nbsp;without executing them. &nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/app.any.run\/tasks\/0301c814-d0b7-4f3e-9763-b4ae4ffca9da\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=pre_installed_dev_tools&amp;utm_term=130325&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">View analysis session<\/a>&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"584\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/5-1-1024x584.png\" alt=\"\" class=\"wp-image-12164\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/5-1-1024x584.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/5-1-300x171.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/5-1-768x438.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/5-1-1536x876.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/5-1-2048x1168.png 2048w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/5-1-370x211.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/5-1-270x154.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/5-1-740x422.png 740w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>Lessmi tool used inside ANY.RUN sandbox<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<p>This is particularly useful for researchers who want to inspect the contents of an installer safely and identify any suspicious files or embedded scripts.&nbsp;<\/p>\n\n\n\n<p>During this process, the&nbsp;Detect It Easy (DiE) tool&nbsp;is also used, helping analysts gather more details about the extracted binaries, such as file signatures, packers, and obfuscation methods. &nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"579\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/6-1-1024x579.png\" alt=\"\" class=\"wp-image-12165\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/6-1-1024x579.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/6-1-300x169.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/6-1-768x434.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/6-1-1536x868.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/6-1-2048x1157.png 2048w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/6-1-370x209.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/6-1-270x153.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/6-1-740x418.png 740w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>DiE tool used for detailed analysis of malware<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<p>By combining these tools, users can&nbsp;uncover hidden threats&nbsp;inside MSI packages without the risks associated with running them.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Example 2: Debugging Malware with x64dbg<\/strong><\/h3>\n\n\n\n<p>In this analysis session,&nbsp;<strong>x64dbg<\/strong>&nbsp;is used, a powerful debugger that allows users to step through malware execution, analyze code behavior, and identify hidden functionality. <\/p>\n\n\n\n<p><a href=\"https:\/\/app.any.run\/tasks\/89375e4c-0941-43e4-b987-790c15111af2\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=pre_installed_dev_tools&amp;utm_term=130325&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">View analysis session<\/a>&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"586\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/9-1-1024x586.png\" alt=\"\" class=\"wp-image-12184\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/9-1-1024x586.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/9-1-300x172.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/9-1-768x439.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/9-1-1536x878.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/9-1-2048x1171.png 2048w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/9-1-370x212.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/9-1-270x154.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/9-1-740x423.png 740w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>x64dbg used inside ANY.RUN sandbox<\/em><\/figcaption><\/figure><\/div>\n\n\n<p>This is particularly useful for unpacking malware, bypassing obfuscation techniques, and understanding how the sample interacts with the system.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Example 3: Searching Inside Unpacked Binaries with HxD&nbsp;<\/h3>\n\n\n\n<p>In this analysis session, <strong>HxD <\/strong>is used, a hex editor that allows users to&nbsp;search within all types of files&nbsp;for specific strings, patterns, or hidden data. This is useful when working with&nbsp;unpacked binaries, encrypted payloads, or&nbsp;malware that tries to conceal its real purpose&nbsp;within other formats.&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/app.any.run\/tasks\/1e3f3c41-b835-4f27-8ba8-d76f1274aac8\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=pre_installed_dev_tools&amp;utm_term=130325&amp;utm_content=linktoservice\" target=\"_blank\" rel=\"noreferrer noopener\">View analysis session<\/a>&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"575\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/7-1-1024x575.png\" alt=\"\" class=\"wp-image-12166\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/7-1-1024x575.png 1024w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/7-1-300x168.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/7-1-768x431.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/7-1-1536x862.png 1536w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/7-1-2048x1149.png 2048w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/7-1-370x208.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/7-1-270x152.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2025\/03\/7-1-740x415.png 740w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>HxD used for deeper analysis inside ANY.RUN sandbox<\/em>&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<p>By using&nbsp;HxD inside ANY.RUN\u2019s sandbox, analysts can quickly locate&nbsp;critical data inside malware samples&nbsp;without needing to transfer files externally, making the analysis process safer and more efficient.&nbsp;<\/p>\n\n\n\n<p>In this case, the word \u201csoftware\u201d was searched with the help of HxD inside our secure environment to look for relevant information.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Conclusion&nbsp;<\/h2>\n\n\n\n<p>With the new&nbsp;pre-installed development software set, malware analysis in ANY.RUN just got a whole lot easier. Instead of jumping between different tools and setups, everything you need is already there inside the sandbox, ready to go.&nbsp;<\/p>\n\n\n\n<p>For businesses, this means&nbsp;faster threat detection and a more seamless workflow, all in a&nbsp;secure, controlled environment.&nbsp;<\/p>\n\n\n\n<p>Give it a try and&nbsp;see how much easier malware detection and analysis can be!&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">About ANY.RUN&nbsp;<\/h2>\n\n\n\n<p><a href=\"https:\/\/any.run\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=pre_installed_dev_tools&amp;utm_term=130325&amp;utm_content=linktolanding\" target=\"_blank\" rel=\"noreferrer noopener\">ANY.RUN<\/a>&nbsp;helps more than 500,000 cybersecurity professionals worldwide. Our interactive sandbox simplifies malware analysis of threats that target both Windows and Linux systems. Our threat intelligence products,&nbsp;<a href=\"https:\/\/any.run\/cybersecurity-blog\/introducing-any-run-threat-intelligence-lookup\/\" target=\"_blank\" rel=\"noreferrer noopener\">TI Lookup<\/a>,&nbsp;<a href=\"https:\/\/any.run\/cybersecurity-blog\/yara-search\/\" target=\"_blank\" rel=\"noreferrer noopener\">YARA Search<\/a>, and&nbsp;<a href=\"https:\/\/any.run\/cybersecurity-blog\/threat-intelligence-feeds\/\" target=\"_blank\" rel=\"noreferrer noopener\">Feeds<\/a>, help you find IOCs or files to learn more about the threats and respond to incidents faster.&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/any.run\/demo\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=pre_installed_dev_tools&amp;utm_term=130325&amp;utm_content=linktodemo\" target=\"_blank\" rel=\"noreferrer noopener\">Request free trial of ANY.RUN\u2019s services \u2192<\/a>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>ANY.RUN sandbox just got even more powerful thanks to a&nbsp;new pre-installed development software set&nbsp;in its virtual machines (VMs).&nbsp; Building on our existing pre-installed sets, we\u2019re introducing this new option to give researchers even more&nbsp;flexibility and advanced tools&nbsp;for analyzing highly specific and complex malware inside the sandbox.&nbsp; With this update, before launching an analysis session, users [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":12187,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9],"tags":[57,34,56],"class_list":["post-12148","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-service-updates","tag-anyrun","tag-malware-analysis","tag-update"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.10 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>New Pre-Installed Dev Tools for Deep Sandbox Malware Analysis\u00a0<\/title>\n<meta name=\"description\" content=\"ANY.RUN now offers a new pre-installed development software set, giving analysts advanced tools for deeper malware investigation.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/any.run\/cybersecurity-blog\/pre-installed-dev-tools\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"ANY.RUN\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/pre-installed-dev-tools\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/pre-installed-dev-tools\/\"},\"author\":{\"name\":\"ANY.RUN\",\"@id\":\"https:\/\/any.run\/\"},\"headline\":\"New Pre-Installed Dev Tools for Deep Sandbox Malware Analysis\u00a0\",\"datePublished\":\"2025-03-13T10:31:57+00:00\",\"dateModified\":\"2026-03-19T12:15:01+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/pre-installed-dev-tools\/\"},\"wordCount\":1122,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/any.run\/\"},\"keywords\":[\"ANYRUN\",\"malware analysis\",\"update\"],\"articleSection\":[\"Service Updates\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/any.run\/cybersecurity-blog\/pre-installed-dev-tools\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/pre-installed-dev-tools\/\",\"url\":\"https:\/\/any.run\/cybersecurity-blog\/pre-installed-dev-tools\/\",\"name\":\"New Pre-Installed Dev Tools for Deep Sandbox Malware Analysis\u00a0\",\"isPartOf\":{\"@id\":\"https:\/\/any.run\/\"},\"datePublished\":\"2025-03-13T10:31:57+00:00\",\"dateModified\":\"2026-03-19T12:15:01+00:00\",\"description\":\"ANY.RUN now offers a new pre-installed development software set, giving analysts advanced tools for deeper malware investigation.\",\"breadcrumb\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/pre-installed-dev-tools\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/any.run\/cybersecurity-blog\/pre-installed-dev-tools\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/pre-installed-dev-tools\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/any.run\/cybersecurity-blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Service Updates\",\"item\":\"https:\/\/any.run\/cybersecurity-blog\/category\/service-updates\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"New Pre-Installed Dev Tools for Deep Sandbox Malware Analysis\u00a0\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN&#039;s Cybersecurity Blog\",\"description\":\"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.\",\"publisher\":{\"@id\":\"https:\/\/any.run\/\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/any.run\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN\",\"url\":\"https:\/\/any.run\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\"contentUrl\":\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\"width\":1,\"height\":1,\"caption\":\"ANY.RUN\"},\"image\":{\"@id\":\"https:\/\/any.run\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/www.any.run\/\",\"https:\/\/twitter.com\/anyrun_app\",\"https:\/\/www.linkedin.com\/company\/30692044\",\"https:\/\/www.youtube.com\/channel\/UCOgCPho7lzmH7m6fPNlukrQ\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g\",\"caption\":\"ANY.RUN\"},\"url\":\"https:\/\/any.run\/cybersecurity-blog\/author\/a-bespalova\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"New Pre-Installed Dev Tools for Deep Sandbox Malware Analysis\u00a0","description":"ANY.RUN now offers a new pre-installed development software set, giving analysts advanced tools for deeper malware investigation.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/any.run\/cybersecurity-blog\/pre-installed-dev-tools\/","twitter_misc":{"Written by":"ANY.RUN","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/any.run\/cybersecurity-blog\/pre-installed-dev-tools\/#article","isPartOf":{"@id":"https:\/\/any.run\/cybersecurity-blog\/pre-installed-dev-tools\/"},"author":{"name":"ANY.RUN","@id":"https:\/\/any.run\/"},"headline":"New Pre-Installed Dev Tools for Deep Sandbox Malware Analysis\u00a0","datePublished":"2025-03-13T10:31:57+00:00","dateModified":"2026-03-19T12:15:01+00:00","mainEntityOfPage":{"@id":"https:\/\/any.run\/cybersecurity-blog\/pre-installed-dev-tools\/"},"wordCount":1122,"commentCount":0,"publisher":{"@id":"https:\/\/any.run\/"},"keywords":["ANYRUN","malware analysis","update"],"articleSection":["Service Updates"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/any.run\/cybersecurity-blog\/pre-installed-dev-tools\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/any.run\/cybersecurity-blog\/pre-installed-dev-tools\/","url":"https:\/\/any.run\/cybersecurity-blog\/pre-installed-dev-tools\/","name":"New Pre-Installed Dev Tools for Deep Sandbox Malware Analysis\u00a0","isPartOf":{"@id":"https:\/\/any.run\/"},"datePublished":"2025-03-13T10:31:57+00:00","dateModified":"2026-03-19T12:15:01+00:00","description":"ANY.RUN now offers a new pre-installed development software set, giving analysts advanced tools for deeper malware investigation.","breadcrumb":{"@id":"https:\/\/any.run\/cybersecurity-blog\/pre-installed-dev-tools\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/any.run\/cybersecurity-blog\/pre-installed-dev-tools\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/any.run\/cybersecurity-blog\/pre-installed-dev-tools\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/any.run\/cybersecurity-blog\/"},{"@type":"ListItem","position":2,"name":"Service Updates","item":"https:\/\/any.run\/cybersecurity-blog\/category\/service-updates\/"},{"@type":"ListItem","position":3,"name":"New Pre-Installed Dev Tools for Deep Sandbox Malware Analysis\u00a0"}]},{"@type":"WebSite","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/","name":"ANY.RUN&#039;s Cybersecurity Blog","description":"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.","publisher":{"@id":"https:\/\/any.run\/"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/any.run\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/any.run\/","name":"ANY.RUN","url":"https:\/\/any.run\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg","contentUrl":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg","width":1,"height":1,"caption":"ANY.RUN"},"image":{"@id":"https:\/\/any.run\/"},"sameAs":["https:\/\/www.facebook.com\/www.any.run\/","https:\/\/twitter.com\/anyrun_app","https:\/\/www.linkedin.com\/company\/30692044","https:\/\/www.youtube.com\/channel\/UCOgCPho7lzmH7m6fPNlukrQ"]},{"@type":"Person","@id":"https:\/\/any.run\/","name":"ANY.RUN","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/any.run\/","url":"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g","caption":"ANY.RUN"},"url":"https:\/\/any.run\/cybersecurity-blog\/author\/a-bespalova\/"}]}},"_links":{"self":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/12148"}],"collection":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/comments?post=12148"}],"version-history":[{"count":15,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/12148\/revisions"}],"predecessor-version":[{"id":19378,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/12148\/revisions\/19378"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/media\/12187"}],"wp:attachment":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/media?parent=12148"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/categories?post=12148"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/tags?post=12148"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}