Malware Analysis and Reverse Engineering 

Malware reverse engineering is an undisputed element of cyber security incident management. Building and maintaining this capability in-house is challenging in many aspects, so SOC managers and DFIR leaders should consider leveraging reverse engineering as a service.


Analysis of suspicious code is inevitable at some point in the life of security teams. Numerous technologies, operating at network and endpoint levels, aid cyber security professionals in performing automated runtime analysis of code to conclude whether the code is benign or malicious.

Evolving Malware Threats

New generation of malware use highly evasive techniques to bypass automated malware analysis tools, therefore the verification of potentially malicious samples becomes a fundamental requirement 

Faulty Malware Incident Response

Without an understanding of what the malicious code does and properly identifying which assets are impacted, the containment of and full recovery from malware incidents might be inaccurate

Talent Shortage

Truly skilled malware reverse engineers are hard to be recruited and obtained, and even after hiring them they perform core reverse engineering tasks only a quarter of their time*

* based on "11 Strategies of a World-Class Cybersecurity Operations Center" by MITRE

When automated analysis tools have fulfilled their tasks and questions regarding a suspicious file are still open, getting the answers requires in-depth malware analysis. So skilled malware reverse engineers need to take over and drive the analysis for adequate results.


Malware Reverse Engineering as a Service takes off such a burden by providing on-demand malware analysis capability. Subscuto's Malware Reverse Engineering service offers the human analysis of malware built on decades of experience at high capacity powered by Subscuto's automation-aided triaging pipeline in a purpose-built environment.


Main use cases

Tactical Malware Reverse Engineering

to support the response part of the incident management by deep analysis of malware behavior and infrastructure 

Analysis of Suspicious Files

such as e-mail attachments to increase the accuracy of the detection phase of incident management

Malware Behavior Analysis

to develop effective defense countermeasures and boost actionable threat intelligence

Yet another sandbox?

While malware sandboxes and purpose-built analyses platforms are inevitably needful when it comes to analyze malwares, we deliver unique capabilities supporting you to tackle high-profile malware incidents, when automated analysis tools reach their limits: 

  • the service ensures that there is no need to upload the samples to any public environment; the analysis is performed in a private, purpose-built system, therefore 
  • specific evasion techniques cannot be developed against it, unlike in the case of automated sandbox solutions, and 
  • as the analysis is completed on bare-metal computer with manual supervision, malware evasion techniques become less effective therefore 
  • as part of the service, our highly skilled malware reverse engineers perform deep human-driven analysis to determine malware behaviors and infrastructure so SOC engineers and analysts can implement actionable defensive countermeasures

Who can benefit from our service?

who want to extend their SecOps and Incident Response services yet lack the capability and tool set to provide malware reverse engineering

who seek to establish and maintain high-level malware analysis and reverse engineering capability, but have no or limited resources to succeed

who want to elevate the quality and efficiency of their service and provide actionable remediation guidance in the case of malware incidents


Decades of experience

Highly skilled professionals and a unique, purpose-built technology under the hood

Cost efficiency

No need to hire full-time reverse engineers who are hard to be recruited and obtained

Tailor-made service

With the ultimate goal of supporting efficient malware incident management end-to-end

Need help in finding the right service?


Any file that is considered as potentially malicious, e.g., executable, office files (docx, xlsx, etc.), pdf. 

The malware sample can be shared via multiple methods depending on the Customer's preference, e.g.: as a password-protected attachment of an e-mail, upload to a dedicated share, or via a custom API. 

The time required for the investigation depends on the malware family, it can take from hours to days. Once the triage phase is completed, a preliminary ETA for the report can be provided. 

The outcome of the analysis is a customizable report which is by default optimized for incident management. The report is intended to help with the practical incident response: to get clear information on whether the code is malicious, what it does, how can it be recognized and how should it be remediated.

The report of the analysis is designed to support the cyber security incident in which the malware sample is involved. Should you have further questions about defining the accurate incident response plan, our specialists can assist upon request. Also, we are ready to help define the associated detection or prevention content for the malware. In case of major incidents, our incident response team can be engaged as part of our MDR service offerings.

Subscuto Kft

1117 Budapest, Galambóc utca 18 Hungary                    
Tax #: 27988965-2-43
Registration #: 0109370615


Phone: +36 70 429 8960

Page was designed with Mobirise