What is DECODA?
DECODA is a malware analysis platform that combines conversational AI with a full static analysis toolkit. Upload a suspicious file, ask questions in plain English, and let the AI run tools like Ghidra, YARA, and Python scripts inside an isolated sandbox to break down what the sample does. Whether you’re triaging alerts in a SOC, conducting deep reverse engineering, or learning how malware works, DECODA handles the heavy lifting so you can focus on understanding threats.
Key Capabilities
Two Analysis Modes
Ask mode for quick Q&A about samples. Agent mode for autonomous, tool-driven deep analysis.
Automated Triage
Every upload is automatically hashed, scanned with YARA rules, checked against VirusTotal, and classified by type.
Sandboxed Tooling
Ghidra, YARA, Python, and 15+ tools run inside isolated Firecracker microVMs with network disabled. No risk of malware callbacks.
Threat Intelligence Reports
Generate structured reports with IOCs, MITRE ATT&CK mappings, and executive summaries. Export as Markdown, PDF, or HTML.
Who is DECODA for?
- SOC Analysts looking to speed up alert triage and sample classification
- Incident Responders who need fast, actionable intelligence from suspicious files
- Reverse Engineers who want AI assistance with static analysis workflows
- Security Students learning malware analysis and reverse engineering techniques
- Threat Hunters building detection rules and tracking adversary TTPs
Get Started
Quickstart
Upload your first sample and run your first analysis in minutes.
Analysis Modes
Learn the difference between Ask and Agent mode, and when to use each.
Triage Pipeline
Understand what happens automatically when you upload a sample.
Reports
Generate and export structured threat intelligence reports.