15 Modules · One Platform

Analysis Services

The complete Kernel Lab module catalogue. Every binary you upload runs through the same pipeline — pick a tier to determine which modules execute.

description

PE Analysis

Full parse of PE/COFF headers — sections, imports, exports, resources, certificates, debug directory.

Available FreeMonth6moYearTeam

text_snippet

Strings Extraction

ASCII + UTF-16LE string extraction with entropy filtering, encoded-string heuristics, and URL/path detection.

Available FreeMonth6moYearTeam

inventory_2

Packer Detection

Signature + entropy + section-name heuristics across 50+ commercial and custom packers.

Available FreeMonth6moYearTeam

psychology

AI Decompiler

Assembly → C-style pseudo-code with semantic function naming, type recovery, inline reasoning.

Available FreeMonth6moYearTeam

key

Secrets Scanner

Detects embedded API keys, JWTs, OAuth tokens, private keys, and password patterns at unpacked offsets.

Available FreeMonth6moYearTeam

verified_user

License Analyzer

Identifies HWID composition, time-bombs, online validation endpoints, grace periods, and token formats.

Available FreeMonth6moYearTeam

enhanced_encryption

Crypto Detector

Locates AES/RSA/ChaCha20/SHA constants, crypto API calls, and identifies modes + key sizes from context.

Available FreeMonth6moYearTeam

rule

YARA Scanner

Matches against 2,400+ curated kernel-lab rules plus community rule packs (malware, packer, cred patterns).

Available FreeMonth6moYearTeam

timeline

Behavior Timeline

Emulated execution trace — chronological API calls, network attempts, file I/O, registry touches.

Available FreeMonth6moYearTeam

bug_report

Debugger Script Gen

Auto-generates ready-to-run x64dbg or WinDbg scripts that bypass anti-debug and dump unpacked code.

Available FreeMonth6moYearTeam

layers_clear

Universal Unpacker

CPU-emulation-based unpacker covering VMProtect, Themida, Enigma, UPX, PyInstaller and 40+ others.

Available FreeMonth · 10/d6moYearTeam

picture_as_pdf

PDF Report Generator

Forensic-grade PDF — branded, executive summary, full module output, recommended remediations.

Available FreeMonth6moYearTeam

api

REST API

Programmatic upload, polling, and report download. Webhook callbacks. 10 RPS default.

Available FreeMonth6moYearTeam

difference

Binary Diff

Function-level diff between two binaries — patch analysis, version comparison, vuln backporting.

Available FreeMonth6moYearTeam

policy

YARA Rule Generator

Synthesizes deployable YARA rules from a binary's unique constants, code patterns, and import combos.

Available FreeMonth6moYearTeam

// Get Started

All 15 modules. One upload.

Drop a binary into Kernel Lab and every applicable module fires automatically. No configuration, no chaining. Free tier runs the static stack — upgrade to unlock the AI decompiler, unpacker and the rest.

Compare Plans

// Frequently Asked

Common Questions

Kernel Lab supports Windows PE executables (.exe, .dll, .sys), Android APKs, ELF binaries (Linux), and Python compiled executables (PyInstaller, cx_Freeze). Maximum file size is 100MB per upload.

No. Binary files are automatically deleted from our sandbox within 24 hours of upload. Only the analysis report and findings are stored in your account. Your files are never shared or sold.

The AI report is generated by Claude Sonnet powered by Anthropic, using structured data from 12+ specialized tools (pefile, FLOSS, CAPA, YARA, DIE, VirusTotal, and more). The AI synthesizes all tool outputs into a coherent intelligence report. It is highly accurate for behavior classification and risk scoring, though always review critical findings manually.

The free plan gives you 3 binary analyses with access to PE metadata, section entropy, DIE detection, VirusTotal hash lookup, and basic string analysis. Premium features including AI executive summary, YARA signatures, CAPA capabilities, secrets scanner, crypto detector, behavior timeline, debugger scripts, and PDF reports require a paid plan.

Most analyses complete in 30 to 90 seconds. Larger files or heavily packed binaries may take up to 3 minutes. CAPA behavioral analysis and AI report generation are the longest steps. You can leave the page and return — results are saved to your dashboard.

Yes. Kernel Lab is designed for security researchers, malware analysts, and reverse engineers. Uploaded files are processed in an isolated sandbox with no outbound network access. We do not execute binaries — all analysis is static. Ensure you have authorization to analyze any binary you upload.

All payments are processed via NowPayments supporting Bitcoin (BTC), Ethereum (ETH), USDT, Monero (XMR), and 50+ other cryptocurrencies. Payments are one-time or subscription-based depending on the plan. Crypto payments are final and non-refundable once confirmed on-chain.

Yes. The Team and Pro plans include REST API access so you can integrate Kernel Lab analysis directly into your security pipeline or CI/CD workflow. API keys are available in your dashboard under account settings once you upgrade.