Buster Sandbox Analyzer

Discussion in 'other anti-malware software' started by Buster_BSA, Nov 29, 2009.

Thread Status:
Not open for further replies.
  1. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    The latest release is working great! I really like the features.
     
  2. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
    I will release a new version soon with a few bugfixes.
     
  3. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    With the latest version of Sandboxie where 64-bit experimental is used, the malware I test doesn't behave properly. Sandboxie interferes with the stuff the malware intends to do (I'm running without Drop-My-Rights). Hence, BSA won't register any malicious activity. This is not a glitch in BSA, but more than not, a bad thing about Sandboxie itself.

    I look forward to every new release. BSA is every malware tester's dream!
     
  4. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
    Released Buster Sandbox Analyzer 1.37.

    Changes:

    * Improved hiding feature
    * Updated BSA.DAT
    * Removed evaluation risk feature
    * Fixed several bugs

    Part of the improved hiding feature is the possibility of naming LOG_API.DLL with the file name you prefer.

    Evaluation risk was removed from the malware analysis report because it was too misleading. I will probably reintroduce the feature in the near future but in another format.
     
    Last edited: Jul 16, 2011
  5. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    Hey Buster,

    On a side note, Emsisoft & Ikarus report some of the files included in BSA as suspicious:

    Scan start: 2011-07-17 00:24:55

    D:\bsa\HideDriverGUI.exe detected: Trojan.Win32.Tool.HideProc.bz!A2
    D:\bsa\LOG_API.DLL detected: Win32.SuspectCrc!IK

    I have of course submitted them as false positives!

    Regards,

    Gabe
     
  6. guest

    guest Guest

    Thanks for the update, it's working fine here :)
     
  7. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
    Thank you very much!
     
  8. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
    Thanks for the feedback!
     
  9. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
    I forgot to comment on a new feature in version 1.37.

    * Added "Version Information" feature. This feature will include a header in reports with the version and date of creation of reports.
     
  10. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
    The changes introduced in this new version are not visible, but they improve the quality of reports significantly.
     
  11. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
    Released Buster Sandbox Analyzer 1.38.

    Changes:

    + Added risk evaluation module
    + Added several improvements
    + Fixed several bugs
     
  12. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    Cheers for the risk evaluation module! :) It gives a hint of what to do with the tested file (after manually checking what changes were made). Much appreciated.
     
  13. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
    No problem, glad you like it.
     
  14. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    Tzuk should make you co-developer... this tool would be so handy to have built-in into Sandboxie.
     
  15. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
    tzuk helps me to improve BSA by adding things I need. Right now I am waiting until he has some free time to review a feature request I made. I want to add a new malicious behaviour that will help BSA to catch malware that writes to the MBR or that writes to sectors directly.
     
  16. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
    I noticed a bug in version 1.38 and updated BSA package with the fix.

    People that downloaded the package should get it again.
     
  17. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
    If anyone notices an "invalid integer value" error message, redownload the package.
     
  18. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
    Released Buster Sandbox Analyzer 1.39.

    Changes:

    + Fixed several bugs.
     
  19. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
    Released Buster Sandbox Analyzer 1.40.

    Changes:

    + Usability improvement in File Hash, File Scanner, File Signature and automatic analysis features: last used folder will be remembered
    + Usability improvement in File Hash, File Scanner and File Signature features: added drag and drop support
    + Added Exeinfo support to File Signature feature
    + Improved File Hash feature: all hashes can be checked at VirusTotal at once, VirusTotal reports can be saved to disk
     
  20. guest

    guest Guest

    Thanks for the update.
    Would be nice for future versions to have a guided way to install it.
     
  21. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
    I will consider it.
     
  22. icr

    icr Registered Member

    Joined:
    Sep 6, 2008
    Posts:
    1,589
    Location:
    UK
    Thanks for the update ;)
     
  23. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
    Glad you like it.

    Nobody made those suggestions to improve the feature. I was reviewing the feature to add other things and I thought about them.

    If you have suggestions to improve that function or other ones, let me know.
     
  24. icr

    icr Registered Member

    Joined:
    Sep 6, 2008
    Posts:
    1,589
    Location:
    UK
    Well, I normally did that manually in the past :D Will definitely save my time ;)
    Keep up the good work of developing such a good software application :thumb: :thumb:
     
  25. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
    Then I don't understand why you didn't make a feature request. o_O

    Thanks!
     