Buster Sandbox Analyzer

Discussion in 'other anti-malware software' started by Buster_BSA, Nov 29, 2009.

Thread Status:
Not open for further replies.
  1. Worter

    Worter Registered Member

    Joined:
    Mar 9, 2011
    Posts:
    6
    It looks very promising. Autodetection of SandBox's folders can be useful.
     
  2. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
    Autodetection is not possible because a user may have several sandbox folders, so it's not possible to know which of them he will be using.

    Anyway, if someone always uses the sandbox folder, he will only have to set it one time. The rest of the time the sandbox folder will be set automatically.
     
  3. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
    Released Buster Sandbox Analyzer version 1.27.


    + Added a feature to include file entropy information of Win32 files.

    + Added a feature to include file type information on newly created files.

    + Added an option to remember last position on screen.
     
  4. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Thank you :).
     
  5. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
    Re-released BSA 1.27 fixing a bug.

    Be sure to download the new RAR because the browser may download the old RAR from cache.
     
  6. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
    Released Buster Sandbox Analyzer 1.28.

    Changes:

    + Included two versions of LOG_API.DLL: One of them will not show file/registry operations so BSA will run faster

    + Invalid Win32 PE files will be reported

    + Added a feature to include Digital Signature information for dropped files

    + Added a feature to rename automatically processed files to their proper extension

    + Added a feature to not process unknown file types

    + Added a feature that allows adjusting the time limit in minutes or seconds

    + Added a feature to take screenshots of sandboxed windows when running in automatic mode

    + When a non-PE file is processed, the file being processed will appear in the report, and the application that launched it too
     
  7. guest

    guest Guest

    Great update. Thank you
     
  8. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
    Re-released version 1.28 to fix a bug.
     
  9. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
    Released Buster Sandbox Analyzer 1.29.

    Changes:

    + Added a feature to resume automatic mode analysis
    + Added a feature to close certain window messages when running in automatic mode
     
  10. Schiz0id

    Schiz0id Registered Member

    Joined:
    Apr 9, 2011
    Posts:
    1
    Can't remember exactly when, but it was years ago: I sent an e-mail to Tzuk and told him that if he could add an analyze module to Sandboxie this would be great, but as far as I remember he replied to my e-mail, "it's not that easy to add an analyze module to Sandboxie, I will not add an analyze module for now", but now I have found here what I want :). I have not even used it yet, but this tool really made me excited. So thank you so much for this great tool @Buster_BSA.

    Have a goodworking...
     
  11. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
    The first version of BSA was released at the end of 2009. In this time I have added many, many features, so its use is not obvious. Have the patience to read the manual (BSA.PDF) and follow the instructions to get it working properly. The most important things are written in red letters. Pay special attention to them.

    If you have any doubt you can ask here or at Sandboxie's forum, in BSA's thread:

    http://sandboxie.com/phpbb/viewtopic.php?t=6557

    I'll be glad to hear any suggestions to improve the tool.

    Regards.
     
  12. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
    Released Buster Sandbox Analyzer 1.30.

    Changes:

    + Added a feature to automate setups when running in automatic mode
    + Added a feature to run a custom command after an automatic analysis finishes
    + BSA will report the creation of hidden folders
    + Fixed a cosmetic bug
     
  13. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    6,324
    wow
    it's an amazing tool! :thumb: :thumb:

    can it export or let me see the changes to the registry made by a program inside Sandboxie?

    by the way after the analysis the window is small i can resize, xp

    thanks a lot
     
    Last edited: Apr 20, 2011
  14. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
    Yes, you will get the changes made to registry by a program inside the sandbox.

    The window is small? Could you post a screenshot, please?

    Thanks for your kind words about my tool. :)
     
  15. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    6,324
    this is the screenshot

    http://img687.imageshack.us/i/anonimob.jpg/


    I copied
    but i get 30 errors
    by the way i get lots of errors
    log type system
    event type error
    source Service Control Manager
    event id 7000
    The service WinPcap Packet Driver (NPF) has not been started for the following error:
    Can not find the file specified.


    edit the screenshot
     
  16. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
  17. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    6,324
    thanks
    about the errors, they are in the event list

    the screenshot is about the analysis window being small, and I cannot resize it, make it bigger
     
  18. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
    The window is not small; it has the size it must have. All the information is visible.
     
  19. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
    Released Buster Sandbox Analyzer 1.31.

    Changes:

    + Improved malware behaviour detections.
    + Updated LOG_API library (normal and verbose).
    + Added a feature to delete sandbox folder contents.
    + Fixed some bugs.
     
  20. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    6,324
    thanks man!:thumb: :thumb:
     
  21. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    6,324
    is there a way to use the reghive to make an uninstall regfile?

    I mean I install a program inside Sandboxie
    I monitor, and can I export the reghive and make an uninstall regfile?
    it could be cool if I install the program outside Sandboxie

    thanks
     
  22. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
    It can not be done automatically. You must check what keys and values it changes and then make a custom uninstall.
     
  23. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    6,324
    may I export and add a - to the regkey, should it work?
     
  24. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
    I suggest you make your own tests under a virtual machine, because if you remove all exported keys, results could be unpredictable.
     
  25. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
    Buster Sandbox Analyzer 1.32 beta 2:

    http://bsa.isoftware.nl/bsa132b2.rar

    (only BSA.EXE included)

    I have added a new feature: Options > Common Analysis Options > Reports > Include VirusTotal Malware Information.

    When enabled, BSA will include in the report the antivirus detections (if any) for the processed file available at www.virustotal.com

    Could anyone try it and let me know if it works fine or not, please?

    Question: Should I keep the feature as it's now, or should I include an option to include AV detections for every executable created?
     