Buster Sandbox Analyzer

Discussion in 'other anti-malware software' started by Buster_BSA, Nov 29, 2009.

Thread Status:
Not open for further replies.
  1. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
    Released Buster Sandbox Analyzer 1.76.

    Changes:

    + Added a feature to check for API hooks
    + Added “Launch Custom Applications” feature
    + Added new malware behaviours
    + Included new malware behaviours at “Risk Evaluation Ratings”
    + Removed “Launch Internet Explorer” and “Launch Windows Explorer” features
    + Fixed several bugs
     
  2. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
    Released Buster Sandbox Analyzer 1.77.

    Changes:

    + Fixed several bugs
     
  3. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
    I have not received any feedback recently. Is nobody using the new versions?
     
  4. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
    Released Buster Sandbox Analyzer 1.78.

    Changes:

    + Added a feature to specify report folder in automatic mode
    + Improved “URL Analyzer” feature
    + Improved command line feature
    + Removed “Save Settings on Exit” feature
    + Fixed several bugs
     
  5. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
    Released Buster Sandbox Analyzer 1.79.

    Changes:

    + Added “Edit BSA_USER.DAT” feature
    + Improved typical error problem checks
    + Updated BSA.DAT
    + Updated LOG_API
    + Updated malware behaviors
    + Fixed several bugs
     
  6. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
    Released Buster Sandbox Analyzer 1.80.

    Changes:

    + Included new malware behaviours at “Risk Evaluation Ratings”
    + Updated “URL Analyzer” feature
    + Updated BSA.DAT
    + Updated LOG_API
    + Updated malware behaviors
    + Updated HexDive
    + Fixed several bugs
     
  7. Hillsboro

    Hillsboro Registered Member

    Joined:
    Jul 21, 2006
    Posts:
    86
    Location:
    CH/USA
    WinRAR shows the archive as corrupted... tried D/L twice
     
  8. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
    I know the web host is not the best one. :(

    If you are using Firefox, use the DownThemAll plugin. It should resume if the download fails. If you are using any other browser, I suggest you use a download manager.

    If anyone knows a good host I will be glad to hear about it.
     
  9. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
    Released Buster Sandbox Analyzer 1.81.

    Changes:

    + Updated LOG_API
    + Updated “URL Analyzer” feature
    + Updated “Check for Updates” feature
    + Fixed several bugs
     
  10. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
  11. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    4,660
    Hi Buster_BSA,

    Did you see that the Dutch computer magazine c't (not to be confused with ComputerTotaal) has an article about BSA, November 2012? It is now available in the shops; I bought it yesterday.
    Whether it is a translation of an article in the German version of c't, I don't know.
    I don't see the article online at their site www.ct.nl.
    I see only the softlink http://www.ct.nl/softlink/1211072/.

    Someone seems to have found an error in the article; see their forum:
    http://forum.ct.nl/showthread.php?t=14873

    Groet,
    Jan
     
  12. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
    Yes, I knew about the article. I informed the person that added the entry in the forum about the mistake in the article, and I also mailed the person who wrote the article.

    Thanks for letting me know anyway!
     
  13. humabajwa

    humabajwa Registered Member

    Joined:
    Oct 31, 2012
    Posts:
    3
    Location:
    Pakistan
    help needed

    I've started using this software and am having a couple of issues. Firstly, the buster doesn't work with code injection and hence doesn't detect it. :'( I really want it to detect not only code injections but also heap sprays. Kindly guide me as to what I should do to embed these features. I can't let my VM security get compromised. I just want the buster to generate a truthful report about the malware even if it involves code injection.
     
  14. humabajwa

    humabajwa Registered Member

    Joined:
    Oct 31, 2012
    Posts:
    3
    Location:
    Pakistan
    In severe conditions, I can compromise my VM's security :D Just help me! :D
     
  15. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
    Re: help needed

    From "Pros, contras, warnings and limitations" section of manual:

    "Buster Sandbox Analyzer will be unable to watch code injection in certain system processes because they are running out of the sandbox and Sandboxie will not allow it".

    You can try running usually targeted processes like Internet Explorer and Windows Explorer sandboxed to see if code injection happens. In order to do this, in automatic mode you would need to enable this feature:

    Options > Automatic Analysis Options > Launch Custom Applications

    Additionally, you must define the list of custom applications to launch. Look at the manual to learn how to do that.

    If you have any other doubts, just let me know.
     
  16. humabajwa

    humabajwa Registered Member

    Joined:
    Oct 31, 2012
    Posts:
    3
    Location:
    Pakistan
    Thanks. So do you know of any other tool that can help me detect code injection?
     
  17. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
    In BSA you have two binaries: R3S32.EXE and R3S64.EXE

    You can use them to detect code injection.
     
  18. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
    Did it work?
     
  19. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
    Does anyone have experience with Androguard under Windows?
     
  20. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
    Today is the third anniversary of the first BSA release. :)
     
  21. SLE

    SLE Registered Member

    Joined:
    Jun 30, 2011
    Posts:
    361
    Congrats on your nice tool and thanks for the permanent improvement! :)
     
  22. roady

    roady Registered Member

    Joined:
    Mar 27, 2005
    Posts:
    262
    Thank you for this great Sandboxie addon!
    It's not that I use it every hour of the day, but it's great to have when you need it.... :thumb:
     
  23. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
    Released Buster Sandbox Analyzer 1.82.

    Changes:

    + Added a feature to analyze Android applications
    + Added new malware behaviours
    + Included new malware behaviours at “Risk Evaluation Ratings”
    + Improved “Run Custom Command On Finish” feature
    + Updated LOG_API
    + Updated HexDive to version 0.6
    + Updated ExeInfo to version 0.0.3.2
    + Fixed several bugs
     
  24. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
    Released Buster Sandbox Analyzer 1.83.

    Changes:

    + Added new malware behaviours
    + Added the possibility of including comments in BSA.DAT
    + Included new malware behaviours at “Risk Evaluation Ratings”
    + Optimized file string search
    + Updated BSA.DAT
    + Fixed several bugs
     
  25. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
    Released Buster Sandbox Analyzer 1.84.

    Changes:

    + Added “[Custom_File_Entries]” section to BSA.DAT
    + Added a feature to extract files from PCap files in automatic mode
    + Added new malware behaviors
    + Included new malware behaviours at “Risk Evaluation Ratings”
    + GUI has been redesigned
    + Updated BSA.DAT
    + Updated LOG_API
    + Fixed several bugs
     