Buster Sandbox Analyzer

Discussion in 'other anti-malware software' started by Buster_BSA, Nov 29, 2009.

Thread Status:
Not open for further replies.
  1. guest

    guest Guest

    Finally SQL database support :)
    That's very good news for those who use the batch analysis and reporting.
    Thanks for great effort.

    Multi processing will be good but you already said the answer before. It is hard to analyse 2.500.000 files if you want.

    What is the recommended minimum analysis time? (general question, not only for BSA)
     
  2. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
    I added SQL database support because I considered it an interesting feature. If you take a look at this thread or at Sandboxie's forum, you will see that nobody ever made this feature request. So it seems like BSA users are waiting for me to add things instead of making feature requests. :p

    Multi processing: no, sorry. My suggestion is that if you need several instances of BSA running at the same time you can do it from different virtual machines. Let's say 3 or 5 instances of Virtual PC or VirtualBox (the VM that needs less resources) running in parallel.

    120 seconds is the minimum analysis time I would suggest.
     
  3. guest

    guest Guest

    Nope, if you remember, I asked you. In this thread or by PM, I didn't check. Because I wanted to make a database-driven web site, but you rejected it :)

    Also Tesk requested a database-related function from you:

    https://www.wilderssecurity.com/showpost.php?p=1819345&postcount=192

    Anyway, BSA has this function now. Getting better.

    You know, malware can detect Virtual PC and VBox. I don't know, maybe BSA can run malware in different sandbox areas, like in the attached image. But if it is not possible, of course I can understand this.

    Thanks, 2 minutes per malware so we can analyse 720 files per day.
     

    Attached Files:

  4. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
    I missed the request or when I read about "web oriented" I discarded the idea. Anyway, as you said, now BSA has the feature and as tesk said, now it's easy to get a lot of information about files. :)

    About the multithreading... I think it's possible, but I don't have the time to code such a feature, because such a change would require rewriting a lot of code from scratch.
     
  5. guest

    guest Guest

    ;) so I need 9.5 years to analyse 2.500.000 files :D
     
  6. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  7. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
    I'm done with entropy, but thanks anyway.
     
  8. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
    Released Buster Sandbox Analyzer 1.47.

    Changes:

    + Added a feature to run BSA in automatic mode, monitoring a folder for new files to analyze.
    + Added a feature to avoid processing files from a whitelist.
    + Improved analysis cancel event.
    + Fixed several bugs
     
  9. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
    Next BSA release will include a feature similar to Didier Stevens' PDFiD.
     
  10. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
    Released Buster Sandbox Analyzer 1.48.

    Changes:

    + Added PDF statistics feature
    + Added support for a new malware behaviour: get computer name
    + Updated LOG_API
    + Fixed several bugs
     
  11. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
    Next release will introduce XML support.
     
  12. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
  13. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
    I just created a new section in BSA's web site (http://bsa.isoftware.nl) named "Video Tutorials".

    I have added a video tutorial about the installation and configuration of Sandboxie, WinPCap and Buster Sandbox Analyzer.

    Comments will be welcome as usual.
     
  14. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
  15. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
    Released Buster Sandbox Analyzer 1.49.

    Changes:

    + Added support for XML reports
    + Added support for TLS hooks detection
    + Improved PDF Statistics
    + Updated LOG_API verbose versions to include FindFirst/NextFile support
    + Updated support for new VirusTotal web service
    + Fixed several bugs
     
  16. Nightwalker

    Nightwalker Registered Member

    Joined:
    Nov 7, 2008
    Posts:
    1,387
    Thanks for your hard work, downloading to test :thumb:
     
  17. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
    Post your thoughts after testing, please.
     
  18. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    6,212
    Hi,
    is there a previous version?
    I'm using 1.49 and I can't export reghive... I mean it's gray.
    I updated 2 minutes ago and sadly it doesn't work.
    Sandboxie 32bit
     
  19. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
    I have tested it and it works fine. o_O

    Tell me exactly the steps you do. And when I say exactly I mean exactly... ;)

    Like:

    1) Open BSA
    2) Click in ...
    3) ...
     
  20. Chron Kyrios

    Chron Kyrios Registered Member

    Joined:
    Jan 27, 2012
    Posts:
    5
    Location:
    USA
    Sorry if the answers to my questions are in this thread. I skimmed through more than half of it based on search results and didn't see any clear answers.

    from https://www.wilderssecurity.com/showpost.php?p=2008228&postcount=95 What is your Sandboxie setup?
    I could automate the uninstallation of programs by writing a batch file with remove and unregister commands, and make a reg file to remove the registry entries, yes?

    ++Chron Kyrios
     
  21. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
    In theory yes, that's possible. And I say only in theory because even if I don't see any reason for it not to work, I don't know of anyone that did it already.
     
  22. Chron Kyrios

    Chron Kyrios Registered Member

    Joined:
    Jan 27, 2012
    Posts:
    5
    Location:
    USA
    That's Wonderful! I get to be the one who tests an unintended feature! I may not be able to test it for a while, but I will get to it.

    ++Chron Kyrios
     
  23. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
    When I released the tool, tzuk (Sandboxie's author) commented that it could be used as a malware remover. He had the same idea you had: use BSA as an uninstaller. :)
     
  24. guest

    guest Guest

    @Buster_BSA

    You can add export to Excel/CSV for the file hash tools in BSA

    And the file signature tools also ;)

    What does that mean?

     
  25. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
    I will consider it. Thanks for the suggestion!

    That's RTF stuff, but without a context I don't know what else to say.
     