Malware Analysis

Task type
Respond to an incident
Readiness Level
Foundational, Intermediate, Advanced


Benefits include an isolated network that allows SMEs to work with potential malware while limiting exposure to production networks, a classified capability, analytical capabilities, and the extrication of malicious code. Samples may be submitted online using the “Report Malware” option at

The Advanced Malware Analysis Center provides 24/7 dynamic analysis of malicious code. Stakeholders submit samples via an online website and receive a technical document outlining analysis results. Experts detail recommendations for malware removal and recovery activities. This service can be performed in conjunction with incident response services if required.


  • Isolated network – A standalone, closed computer network system that allows SMEs to work with potential malware while limiting exposure to production networks
  • Classified capability – A Sensitive Compartmented Information Facility for coordination with members of the intelligence community, law enforcement, and trusted third parties
  • Analytical capabilities – Experts analyze the current state of computer systems, storage mediums, and physical memory of computer systems.
  • Extrication of malicious code – Analysts conduct static analysis and behavior analysis of malicious code types (e.g., worms, Trojans, spyware, botnets, and rootkits) using standard reverse engineering and debugging tools for malicious artifacts that are extracted from infected systems and submitted to CISA for analysis.


For further questions or requests, contact the CISA Central.

To submit malware for analysis, visit the Malware Analysis Submissions page.