ZIP Archive Analysis
ZIPs are the most common way to ship code and the most abused way to ship malware. Decoder ingests a ZIP server-side with hardened guards and exposes its content for review.
What it is
Server-side extraction and analysis of a ZIP archive with zip-slip and size protections.
Why it's useful
Lets you inspect untrusted archives without unpacking them locally.
How Decoder implements it
A streaming extractor rejects any entry whose path would escape the extraction root (zip slip) or whose decompressed size exceeds the member limit; per-file static analysis then runs on the accepted contents.
When to use it
Any untrusted ZIP — source drops, vendor deliveries, suspect attachments.
When NOT to use it
Very large archives intended for batch processing — Decoder enforces upload limits.
Practical example
A vendor delivers a 40MB ZIP. Decoder extracts safely, flags a packed .exe inside and shows its entropy.
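The guards described above (path containment, streaming size caps, per-file entropy) can be sketched in a few dozen lines. The following is an added illustration, not Decoder's own code: the limits, the entropy threshold, the `/sandbox` root and the sample archive are all constructed for the example. It never writes to disk; it validates each entry's path against a logical root, counts decompressed bytes as they stream out instead of trusting the size in the header, and flags entries whose byte entropy looks packed or encrypted.

```python
import io
import math
import posixpath
import random
import zipfile
from dataclasses import dataclass

# Assumed limits for this example only; Decoder's real upload limits are not stated on the page.
MAX_MEMBER_BYTES = 64 * 1024      # cap on the decompressed size of one entry
MAX_TOTAL_BYTES = 256 * 1024      # cap on the decompressed size of the whole archive
HIGH_ENTROPY_BITS = 7.2           # bits per byte above which an entry is flagged as packed/encrypted
CHUNK = 16 * 1024                 # streaming read size
SANDBOX = "/sandbox"              # logical extraction root, used only for path validation


@dataclass
class Finding:
    name: str
    status: str          # "ok", "suspicious", "rejected-path" or "rejected-size"
    size: int = 0        # decompressed bytes actually read
    entropy: float = 0.0 # Shannon entropy in bits per byte (0..8)


def is_contained(name: str) -> bool:
    """Zip-slip guard: True only if `name` still lands inside SANDBOX after normalisation."""
    norm = name.replace("\\", "/")        # treat Windows separators as separators too
    if not norm or "\x00" in norm:
        return False
    target = posixpath.normpath(posixpath.join(SANDBOX, norm))  # "/a/../../x" -> "/x"
    return target == SANDBOX or target.startswith(SANDBOX + "/")


def shannon_entropy(counts: list, total: int) -> float:
    """Entropy of a byte histogram; 8.0 means every byte value is equally likely."""
    if total == 0:
        return 0.0
    return -sum((c / total) * math.log2(c / total) for c in counts if c)


def analyse_zip(data: bytes) -> list:
    """Stream every entry, enforcing path and size guards, and return one Finding per file."""
    findings = []
    total = 0
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            if not is_contained(info.filename):
                findings.append(Finding(info.filename, "rejected-path"))
                continue
            counts = [0] * 256
            size = 0
            oversized = False
            # Read the entry in chunks: the declared file_size header is attacker-controlled,
            # so the cap is applied to bytes that actually come out of the decompressor.
            with zf.open(info) as fh:
                while chunk := fh.read(CHUNK):
                    size += len(chunk)
                    if size > MAX_MEMBER_BYTES or total + size > MAX_TOTAL_BYTES:
                        oversized = True
                        break
                    for b in chunk:
                        counts[b] += 1
            if oversized:
                findings.append(Finding(info.filename, "rejected-size", size))
                continue
            total += size
            ent = shannon_entropy(counts, size)
            status = "suspicious" if ent >= HIGH_ENTROPY_BITS else "ok"
            findings.append(Finding(info.filename, status, size, ent))
    return findings


def build_sample_archive() -> bytes:
    """Constructed test archive (not a real vendor delivery) exercising each guard."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("src/README.txt", "build instructions\n" * 200)            # ordinary text
        zf.writestr("bin/tool.exe", random.Random(1).randbytes(4096))          # stands in for a packed PE
        zf.writestr("../../evil.txt", "not a real payload\n")                  # zip-slip attempt
        zf.writestr("data/zeros.bin", b"\0" * 1_000_000)                       # ~1 KB on disk, 1 MB inflated
    return buf.getvalue()


if __name__ == "__main__":
    for f in analyse_zip(build_sample_archive()):
        print(f"{f.status:14} {f.size:>8} {f.entropy:5.2f}  {f.name}")
```

Running it reports the text file as ok, the random blob as suspicious with entropy near 8 bits per byte, the traversal entry as rejected before any bytes are read, and the zero-filled member as rejected once its inflated size passes the cap, even though it occupies only about a kilobyte in the archive.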
FAQ
Glossary
- Zip slip: archive-extraction vulnerability that lets an attacker write files outside the target directory.
Related
Repository Analysis turns a codebase into something you can read, search and interrogate. Upload a ZIP or import a public GitHub project; Decoder indexes structure, runs static checks and gates AI features behind your own key.
Static malware analysis inspects code and binaries without executing them. Decoder runs it locally on your upload and surfaces suspicious patterns, entropy spikes and known indicators — no API key required.
Entropy is a statistical measure of how 'random' the bytes in a file look. In malware analysis, abnormally high entropy is a strong signal that a section is packed, encrypted or otherwise obfuscated.
Decoder parses Windows PE binaries to expose the structural signals a reviewer needs: sections, imports, exports, per-section entropy and known IoCs.
Decoder accepts any public GitHub URL: it pulls the tree and runs the same analysis pipeline as a ZIP upload.