detection icon

Short bio

Malware.Sandbox.(id-nr) are detection names produced by the Emulation modules in Malwarebytes 4 and Malwarebytes business products. These generic malware detections are based on sandboxing and other emulation techniques. These techniques are part of Malwarebytes’ 4 engine and were developed for automated mass detection of wide ranges of malware and adware.

The id-nr is usually only one or a few digits.

Types of infection

Based on closer determination, items detected as Malware.Sandbox can be categorized more precisely based on their behavior. Malwarebytes uses the underlying threat categories:

  • Adware
  • Fraudtool
  • Hijack
  • Ransomware
  • Riskware
  • Rogue
  • Rootkit
  • Spyware
  • Trojan
  • Virus
  • Worm


Malwarebytes detects unknown threats as MalwareSandbox by using emulation techniques without any specific detection rules to protect users from malware that has been packed or protected. This helps protect our customers against 0-day malware.