Drop any suspicious file onto ThreatLens and instantly know if it's ransomware, a credential stealer, cryptominer, or something worse. Free. No signup. No file uploads.
Six categories of threats that put your data, money, and privacy at risk.
Detects file encryption APIs (CryptEncrypt, BCryptEncrypt), shadow copy deletion commands (vssadmin, wmic), ransom note text patterns, Bitcoin/Monero wallet addresses, and Windows recovery disabling. Catches it before it locks your files.
Critical Threat
Identifies programs targeting Chrome, Firefox, and Edge saved passwords and cookies, Discord/Telegram tokens, SSH keys, crypto wallets, FileZilla credentials, and clipboard hijacking. Flags DPAPI decryption calls used to crack browser vaults.
Critical Threat
Spots remote access trojans via process injection APIs (WriteProcessMemory, CreateRemoteThread), reverse shell patterns, PowerShell download cradles, hidden window execution, and command-and-control channel indicators.
Critical Threat
Flags mining pool connection strings (stratum+tcp://), known miner software names (XMRig, cgminer), hashrate references, and CPU affinity manipulation used to secretly mine cryptocurrency using your computer's resources.
High Threat
Detects download functions (URLDownloadToFile, DownloadString), embedded executables inside documents, packed/encrypted payloads via entropy analysis, and known packer signatures (UPX, Themida, VMProtect).
High Threat
Catches AMSI bypass attempts, Windows Defender disabling commands, AV process killing, firewall manipulation, debugger detection tricks, sandbox evasion via timing checks, and self-modifying code sections (RWX memory).
High Threat
Three steps. Under 5 seconds. No technical knowledge needed.
Download ThreatLens.exe. It's a single file -- no installer, no setup, no account needed.
Drag any suspicious file onto ThreatLens.exe. Or double-click it to open a file picker.
Get a color-coded threat score (0-100) with detailed findings, severity levels, and recommendations.
Every file is run through multiple independent detection methods for maximum coverage.
| Engine | What It Analyzes | File Types |
|---|---|---|
| PE Import Analyzer | 80+ suspicious Windows API calls across 15 threat categories -- keylogging, injection, credential theft, encryption, privilege escalation, persistence, network exfil | .exe, .dll, .scr, .sys |
| String Pattern Scanner | 50+ regex signatures for ransomware notes, crypto wallets, browser data paths, C2 channels, PowerShell cradles, mining pools, AV evasion commands | All files |
| YARA Rule Engine | 6 compiled YARA rules detecting ransomware, browser stealers, cryptominers, process injection, anti-AV evasion, and shellcode patterns | All files |
| Entropy Analyzer | Shannon entropy calculation per-section and whole-file to detect packed, encrypted, or compressed payloads hiding malicious code | All files |
| Office Macro Scanner | VBA macro extraction, auto-execute trigger detection (AutoOpen, Document_Open), Shell calls, WScript objects, download commands, obfuscation | .doc, .xls, .docm, .xlsm |
| File Identity Validator | Magic byte detection, extension mismatch warnings (e.g., .jpg that's really .exe), double extension tricks, SHA256/MD5 hashing | All files |
| VirusTotal Lookup | Checks file hash against 70+ commercial antivirus engines. Shows detection names and count. No file upload -- hash only, fully private. | All files |
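
The checks listed in the File Identity Validator row (magic bytes, extension mismatch, double extensions, hashing) can be sketched as below. This is an added example, not ThreatLens's own code: the signature table, extension sets, function names and sample bytes are all constructed for illustration, and only SHA-256 is computed.

```python
import hashlib
from pathlib import PurePath

# Leading magic bytes -> file type (small constructed table, not ThreatLens's own).
MAGIC = [
    (b"MZ", "pe"),
    (b"%PDF-", "pdf"),
    (b"\xff\xd8\xff", "jpeg"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"PK\x03\x04", "zip"),                          # also .docx/.xlsx/.docm/.xlsm
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole2"),   # legacy .doc/.xls
]
# Extensions each detected type may legitimately carry (assumed mapping).
EXPECTED = {
    "pe": {".exe", ".dll", ".scr", ".sys"},
    "pdf": {".pdf"},
    "jpeg": {".jpg", ".jpeg"},
    "png": {".png"},
    "zip": {".zip", ".docx", ".xlsx", ".docm", ".xlsm"},
    "ole2": {".doc", ".xls"},
}
EXECUTABLE_EXT = {".exe", ".scr", ".dll", ".sys", ".bat", ".cmd", ".js", ".vbs"}
DECOY_EXT = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".jpeg", ".png", ".txt"}

def detect_type(data: bytes) -> str:
    """Return the type whose magic bytes prefix the content, or 'unknown'."""
    for magic, kind in MAGIC:
        if data.startswith(magic):
            return kind
    return "unknown"

def check_identity(filename: str, data: bytes) -> dict:
    """Compare what the name claims with what the content is, and hash the content."""
    suffixes = [s.lower() for s in PurePath(filename).suffixes]
    ext = suffixes[-1] if suffixes else ""
    kind = detect_type(data)
    findings = []
    if kind != "unknown" and ext not in EXPECTED[kind]:
        findings.append(f"extension mismatch: content is {kind}, name ends in {ext or '(none)'}")
    if len(suffixes) >= 2 and ext in EXECUTABLE_EXT and suffixes[-2] in DECOY_EXT:
        findings.append(f"double extension: {suffixes[-2]}{ext}")
    return {"type": kind, "sha256": hashlib.sha256(data).hexdigest(), "findings": findings}

# Constructed samples: header bytes only, padded with zeros.
PE_STUB = b"MZ\x90\x00" + b"\x00" * 60
JPEG_STUB = b"\xff\xd8\xff\xe0" + b"\x00" * 60

if __name__ == "__main__":
    for name, blob in [("holiday.jpg", PE_STUB), ("invoice.pdf.exe", PE_STUB), ("photo.jpg", JPEG_STUB)]:
        print(name, check_identity(name, blob))
```

The hash is taken over the content only, so renaming a file changes the findings but not the value a hash-only lookup would use.
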
Built for regular people who download files and want to stay safe.
Anyone who downloads files and wants peace of mind.
Check any .exe you downloaded before running it. Especially from forums, torrents, or links someone sent you.
Got a Word doc, PDF, or zip file from an unexpected email? Scan it first. Catches macro viruses and embedded payloads.
Someone gave you a USB stick? Scan every file on it before opening anything. Catches autorun exploits and disguised executables.
One suspicious file can encrypt your entire hard drive, steal your passwords, or silently mine crypto in the background.
Download ThreatLens -- Free