Buster Sandbox Analyzer

Discussion in 'other anti-malware software' started by Buster_BSA, Nov 29, 2009.

Thread Status:
Not open for further replies.
  1. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
    Released Buster Sandbox Analyzer 1.85.

    Changes:

    +Added a feature to run setups silently if possible in automatic mode
    +Added a feature to view malware analysis on finish in manual mode
    +Added a feature to save connection information to CSV file in “Pcap Explorer” feature
    +Added a feature to refresh BSA window
    +Removed several program dependencies (REG.EXE, STRINGS.EXE, …)
    +DAT files moved to “DATA” folder
    +Improved “File Strings” feature
    +Updated BSA.DAT
    +Updated LOG_API
    +Fixed several bugs
     
  2. roady

    roady Registered Member

    Joined:
    Mar 27, 2005
    Posts:
    262
    THX for the update........is BSA 1.85 fully compatible with Sandboxie 4.0.1 beta?
     
  3. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
    I asked Ronen the same and he told me that yes, BSA should work the same as with 3.x versions of Sandboxie.

    Anyway I suggest you do not use it with BSA until Sandboxie 4.x is out of beta stage.
     
  4. roady

    roady Registered Member

    Joined:
    Mar 27, 2005
    Posts:
    262
    OK, THX for the info.....will follow your advice....:)
     
  5. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
    Soon I will release a new version of BSA (version 1.86).

    This version will contain a new LOG_API, rewritten from scratch.
     
  6. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
    Released Buster Sandbox Analyzer 1.86.

    Changes:

    + LOG_API completely rewritten and improved
    + Added “Use Deep Dump Method” feature
    + Added “Send a Return Every 10 seconds” feature
    + Added a feature to show all logged APIs
    + Added a feature to save connection information to HTML file in “Pcap Explorer” feature
    + Added new malware behaviors
    + Included new malware behaviours at “Risk Evaluation Ratings”
    + Updated “Process Explorer” feature
    + Updated BSA.DAT
    + Updated PeID's USERDB.TXT
    + Updated Exeinfo's Ext_Detector.DLL
    + Fixed several bugs
     
  7. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
    The new release must work fine because I am not receiving bug reports anymore. :)
     
  8. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
    Today I tried BSA under Windows 8 myself and I must say that there are some issues:

    * WinPCap: it will not install directly. A workaround must be used:

    http://forums.xbconnect.com/showthread.php?t=18158

    * LOG_API: actually LOG_API is not working and BSA is unable to log API calls.

    Can anyone confirm, please?
     
  9. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
    I tried Sandboxie 4.01 and BSA was not logging. Ronen suggested trying version 3.76, and that version works fine.

    Until tzuk fixes the issue, if someone wants to try BSA under Windows 8 I recommend using version 3.76.
     
  10. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
    Released Buster Sandbox Analyzer 1.87.

    Changes:

    + Added new malware behaviors
    + Included new malware behaviours at “Risk Evaluation Ratings”
    + Improved “Include VirusTotal Malware Information of Dropped Files” feature
    + Updated XML and JSON format schemas
    + Updated LOG_API
    + Updated BSA.DAT
    + Fixed several bugs
     
  11. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,839
    I want to start using BSA, is it still the same setup procedure as always?
     
  12. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
    BSA includes a quick start guide under the "Docs" folder. I suggest you follow it.
     
  13. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,839
    Ok, thank you
     
  14. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
    RADEON0101: Did you start using BSA already? Any problem following the "Quick Start Guide"?
     
  15. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,839
    Not yet, I've been in the process of testing setups for clients, as well as myself.

    I plan on implementing BSA sometime this week.

    I'll let you know how it goes :thumb:
     
  16. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
    I have news:

    After a few tests with Sandboxie version 4, and due to the major changes to the underlying architecture, I consider that Sandboxie is not suitable for malware analysis anymore; therefore Buster Sandbox Analyzer development will be discontinued.

    Anyway you can continue using Sandboxie 3.76 + BSA.
     
  17. Nizarawi

    Nizarawi Registered Member

    Joined:
    May 26, 2008
    Posts:
    137
  18. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,839
    Whoa, really?

    :(
     
  19. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
  20. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
    BSA will be discontinued.
     
  21. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,361
    Location:
    The Netherlands
    Rats. The main reason I purchased Sandboxie in the first place was in order to be able to analyze malware with BSA...:blink:
     
  22. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
    Released Buster Sandbox Analyzer 1.88 - Final Release

    Changes:

    + Added support for MAEC 3.0 reports
    + Fixed VirusTotal report information
     
  23. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,839
    I thought this was discontinued

    ??
     
  24. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    Thanks Buster for all the hard work you've done for the community! It's a shame Sandboxie 4 doesn't allow your program to function properly anymore!
     
  25. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
    I had promised one more release fixing VirusTotal reports and including support for MAEC reports.
     