Buster Sandbox Analyzer - Page 20

Buster_BSA · #**476** August 26th, 2012, 07:24 PM

Released Buster Sandbox Analyzer 1.76.

Changes:

+ Added a feature to check for API hooks
+ Added “Launch Custom Applications” feature
+ Added new malware behaviours
+ Included new malware behaviours at “Risk Evaluation Ratings”
+ Removed “Launch Internet Explorer” and “Launch Windows Explorer” features
+ Fixed several bugs

Buster_BSA · #**477** August 30th, 2012, 08:19 AM

Released Buster Sandbox Analyzer 1.77.

Changes:

+ Fixed several bugs

Buster_BSA · #**478** September 1st, 2012, 03:07 PM

I did not receive any feedback recently. Nobody is using new versions?

Buster_BSA · #**479** September 17th, 2012, 07:57 AM

Released Buster Sandbox Analyzer 1.78.

Changes:

+ Added a feature to specify report folder in automatic mode
+ Improved “URL Analyzer” feature
+ Improved command line feature
+ Removed “Save Settings on Exit” feature
+ Fixed several bugs

Buster_BSA · #**480** September 24th, 2012, 10:47 AM

Released Buster Sandbox Analyzer 1.79.

Changes:

+ Added “Edit BSA_USER.DAT” feature
+ Improved typical error problem checkings
+ Udated BSA.DAT
+ Updated LOG_API
+ Updated malware behaviors
+ Fixed several bugs

Buster_BSA · #**481** October 12th, 2012, 01:29 PM

Released Buster Sandbox Analyzer 1.80.

Changes:

+ Included new malware behaviours at “Risk Evaluation Ratings”
+ Updated “URL Analyzer” feature
+ Udated BSA.DAT
+ Updated LOG_API
+ Updated malware behaviors
+ Updated HexDive
+ Fixed several bugs

Hillsboro · #**482** October 12th, 2012, 02:24 PM

Quote:

Originally Posted by Buster_BSA

Released Buster Sandbox Analyzer 1.80.

Changes:

+ Included new malware behaviours at “Risk Evaluation Ratings”
+ Updated “URL Analyzer” feature
+ Udated BSA.DAT
+ Updated LOG_API
+ Updated malware behaviors
+ Updated HexDive
+ Fixed several bugs

WinRAR shows the archive as corrupted... tried D/L' twice

Buster_BSA · #**483** October 12th, 2012, 03:56 PM

I know the web host is not the best one.

If you are using FireFox use DownThemAll plugin. It should resume if download fails. If you are using any other browser I suggest you use a download manager.

If anyone knows a good host I will be glad to hear about it.

Buster_BSA · #**484** October 13th, 2012, 12:15 PM

Released Buster Sandbox Analyzer 1.81.

Changes:

+ Updated LOG_API
+ Updated “URL Analyzer” feature
+ Updated “Check for Updates” feature
+ Fixed several bugs

Buster_BSA · #**485** October 13th, 2012, 12:51 PM

Meanwhile I do not find a more stable place to host BSA, the package will be actually hosted at http://bsa.xtrweb.com/bsa.rar

FanJ · #**486** October 28th, 2012, 05:28 PM

Hi Buster_BSA,

Did you see that the Dutch computer magazine c't (not to be confused with ComputerTotaal) has an article about BSA, november 2012. It is now in the shops available; I bought it yesterday.
Whether it is a translation of an article in the German version of c't, I don't know.
I don't see the article online at their site www.ct.nl.
I see only the softlink http://www.ct.nl/softlink/1211072/.

Someone seems to have found an error in the article; see their forum:
http://forum.ct.nl/showthread.php?t=14873

Groet,
Jan

Buster_BSA · #**487** October 29th, 2012, 07:19 AM

Yes, I knew about the article. I informed about the mistake in the article to the person that added the entry in the forum and I also mailed to the person who wrote the article.

Thanks for letting me know anyway!

humabajwa · #**488** October 31st, 2012, 08:33 AM

i've started using this software and am having a couple of issues. Firstly, the buster doesnt work with code injection and hence doesnt detect it.

i really want it to detect not only code injections but also heapsprays. Kindly guide me as to what should i do to embed these features. i cant let my VM security get compromised. i just want the buster to generate a truthful report about the malware even if it involves code injection.

humabajwa · #**489** October 31st, 2012, 08:39 AM

in severe conditions, i can compromise my VMs security

just help me!

Buster_BSA · #**490** October 31st, 2012, 09:47 AM

Quote:

Originally Posted by humabajwa

i've started using this software and am having a couple of issues. Firstly, the buster doesnt work with code injection and hence doesnt detect it.

i really want it to detect not only code injections but also heapsprays. Kindly guide me as to what should i do to embed these features. i cant let my VM security get compromised. i just want the buster to generate a truthful report about the malware even if it involves code injection.

From "Pros, contras, warnings and limitations" section of manual:

"Buster Sandbox Analyzer will be unable to watch code injection in certain system processes because they are running out of the sandbox and Sandboxie will not allow it".

You can try running sandboxed usually targeted processes like Internet Explorer and Windows Explorer to see if code injection happens. In order to do this, in automatic mode you would need to enable this feature:

Options > Automatic Analysis Options > Launch Custom Applications

Additionally you must define the list of custom applications to launch. Look the manual to know how to do that.

If you have any other doubt just let me know.

humabajwa · #**491** November 1st, 2012, 02:35 AM

thanks. so do u know of any other tool that can help me detect code injection?

Buster_BSA · #**492** November 1st, 2012, 04:34 AM

Quote:

Originally Posted by humabajwa

thanks. so do u know of any other tool that can help me detect code injection?

In BSA you have two binaries: R3S32.EXE and R3S64.EXE

You can use them to detect code injection.

Buster_BSA · #**493** November 7th, 2012, 02:06 PM

Did it work?

Buster_BSA · #**494** November 8th, 2012, 02:21 PM

Anyone has experience with Androguard under Windows?

Buster_BSA · #**495** November 23rd, 2012, 02:19 PM

Today is the third anniversary of first BSA release.

SLE · #**496** November 23rd, 2012, 02:39 PM

Quote:

Originally Posted by Buster_BSA

Today is the third anniversary of first BSA release.

Congrats for your nice tool and thanks for permanent improvement!

roady · #**497** November 23rd, 2012, 05:47 PM

Quote:

Originally Posted by Buster_BSA

Today is the third anniversary of first BSA release.

Thank you for this great SandBoxie addon!
It's not that I use it every hour of the day,but it's great to have when you need it....

Buster_BSA · #**498** November 27th, 2012, 02:13 PM

Released Buster Sandbox Analyzer 1.82.

Changes:

+ Added a feature to analyze Android applications
+ Added new malware behaviours
+ Included new malware behaviours at “Risk Evaluation Ratings”
+ Improved “Run Custom Command On Finish” feature
+ Updated LOG_API
+ Updated HexDive to version 0.6
+ Updated ExeInfo to version 0.0.3.2
+ Fixed several bugs

Buster_BSA · #**499** December 2nd, 2012, 05:51 AM

Released Buster Sandbox Analyzer 1.83.

Changes:

+ Added new malware behaviours
+ Added the possibility of including comments in BSA.DAT
+ Included new malware behaviours at “Risk Evaluation Ratings”
+ Optimized file string search
+ Updated BSA.DAT
+ Fixed several bugs

Buster_BSA · #**500** December 15th, 2012, 07:25 PM

Released Buster Sandbox Analyzer 1.84.

Changes:

+ Added “[Custom_File_Entries]” section to BSA.DAT
+ Added a feature to extract files from PCap files in automatic mode
+ Added new malware behaviors
+ Included new malware behaviours at “Risk Evaluation Ratings”
+ GUI has been redesigned
+ Updated BSA.DAT
+ Updated LOG_API
+ Fixed several bugs

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search