Buster Sandbox Analyzer

Nobody?

 

Wow very nice feature
I will try.

 

Try beta 4 please:

https://www.yousendit.com/download/MEtTb3BEQzc3N0JjR0E9PQ

I fixed a bug and also added the chance of retrieving malware information of dropped (win32) files.

 

help

beta 4

 

1) Get BSA´s complete package from here:

http://bsa.isoftware.nl/bsa.rar

2) Replace BSA.EXE from the package with beta 4 file.

3) Get WinPCap from here:

http://www.winpcap.org/install/bin/WinPcap_4_1_2.exe

and install it.

4) Read BSA.PDF before using BSA in order to configure it properly.

Then you will be ready to use BSA.

 

Released Buster Sandbox Analyzer 1.32.

Changes:

+ Added a feature to include av identifications from VirusTotal on reports
+ Improved “Automated Setup” feature

 

With the inclusion of VirusTotal av detections, Buster Sandbox Analyzer becomes a very powerful malware analysis and detection tool.

BSA combines the traditional pattern and heuristic detection (provided by VirusTotal´s av engines) with the malware behaviour analysis technology.

From this combination we get a strong anti-malware tool.

 

Great update. Thank you

work great here

 

I like VirusTotal addition. Thanks Buster

 

You are welcome, guest and Nizarawi.

 

Nice new feature (VirusTotal). Thanks Buster_BSA

 

This is very welcome! Thanks a lot! Much appreciated!

 

I wonder why nobody requested that feature ever.

 

Actually, I thought it might've been something to do with VT not allowing 3rd party applications to use their service other than their on VT-uploader. I've read their license agreement at their website now though and the do provide support for anyone to create an application for it (if I understand it correctly).

Anyway, with your addon to Sandboxie and Sandboxie now fully supporting x64, I think SBIE is the ultimate testing tool for new files!

 

Christiaan Beek did the Osama Bin Laden´s malware analysis using BSA.

Christiaan has done Blackhat talks and in his blog (http://securitybananas.com) writes about security topics.

You can review the malware analysis here:

http://securitybananas.com/?p=546

 

Released Buster Sandbox Analyzer 1.33.

Changes:

+ Added a feature to run BSA from command line in automatic mode
+ Added Exeinfo support
+ Added extra information of dropped files
+ Updated BSA.DAT
+ Updated LOG_API
+ Fixed a bug

 

From version 1.33 BSA can run from command line in automatic mode. That means that no user iteraction is required to analyze a file or a group of files. You just need to specify the amount of time and the folder to process.

The parameters to use are:

"-m" or "-s" to define the time. "-m" is for minutes and "-s" for seconds. The min amount for minutes is 1 and the max 60. For seconds the min is 1 and the max 3600.

"-f" to define the folder to process.

Example: bsa.exe -s 30 -f c:\test

In this example BSA will process for 30 seconds the files stored in test folder.

 

Thank you for this great tool! Success.

 

Thanks for update. These are possible?

Two or more files can be analysed at the same time? (with different sandboxes)

Sometimes, Malware files dosen't work. Sometimes they terminate after working. For that kind of cases, can BSA finished analysis free from set-time and can I pass new file? (it will be ideal for corrupted and dead malwares.)

 

First: I never coded any multithreaded application and I don´t have the time to do the research and the development that something like that requires.

Second: I don´t follow you. Could you rephrase it, please?

 

Re-released BSA 1.33 package to fix a severe problem in LOG_API.

 

bsa.exe-m5
(analysis will take time five minute)

BSA run malware.exe
After running 30 second, it terminates.
And BSA waits for five miniute for new analysis.
If BSA can determine the end of malware.exe, it does not need to run for 4.30 second. Time saver function.

 

Did you try the feature?

 

I tried it with GUI not console.
Anubis can handle it.
Termination reason: Timeout
http://anubis.iseclab.org/index.php...1b202121aea99350495ccbf95251370c1&format=html
Termination reason: All tracked processes have exited
http://anubis.iseclab.org/index.php...1e86503eeb875cc94a588af6ccf3e1eff&format=html

 

may you add the feature export reghive registry in *.reg ?

it would cool

thanks