1. Create Your Account
Head to decodalabs.com and sign up. DECODA supports OAuth and SAML authentication via WorkOS. Once you’ve signed in, you’ll land on the analysis screen.2. Upload a Sample
From the main screen, you can upload a file in two ways:- Drag and drop a file directly onto the input area
- Click the attach button to browse your filesystem
Uploaded files are stored securely. All analysis runs inside isolated sandboxes with no network access.
3. Wait for Triage
As soon as your file uploads, DECODA’s automated triage pipeline kicks in. You’ll see real-time progress as it:- Hashes the file (MD5, SHA1, SHA256, ssdeep, imphash)
- Scans with built-in YARA rulesets (malware families, packers, ransomware signatures)
- Checks VirusTotal for known detections
- Classifies the binary type and extracts metadata (PE sections, compilation timestamps, security flags)
4. Start Analysing
You have two modes to choose from. Toggle between them at the top of the input area.Ask Mode
Type a question in plain English and get an instant response. Great for:- “What type of file is this?”
- “Does this sample use any known packing techniques?”
- “Explain what the YARA matches mean”
Agent Mode
For deeper analysis, switch to Agent mode. The AI will autonomously decide which tools to run, execute them in a sandboxed microVM, and synthesise the results. For example:- “Decompile the main function and explain what it does”
- “Extract all network IOCs from this sample”
- “Run a full static analysis and generate a report”
See the Analysis Modes guide for a full breakdown of both modes and the available tools.
5. Generate a Report
Once you have enough findings, ask the agent to generate a report:“Generate a threat intelligence report for this sample”The report includes an executive summary, technical analysis, IOCs (network, file, and host indicators), and MITRE ATT&CK technique mappings. You can download it as Markdown, PDF, or HTML.