Buster Sandbox Analyzer
Page 1 of 3
Buster Sandbox Analyzer
Buster Sandbox Analyzer is like an add-on for Sandboxie and it has been designed to analyze the behaviour of sandboxed processes. It checks the changes made to the system and then evaluates if they are malware-suspicious.
So Buster Sandbox Analyzer is a malware behaviour analyzer, similar to Norman Sandbox Analyzer, Anubis, Threat Expert, JoeBox, etc.
The advantage of Buster Sandbox Analyzer is that, while most malware analyzers are on-line and are not interactive with the user, BSA (Buster Sandbox Analyzer) is managed by the user. Analyses may be more accurate when done by experienced users, but BSA will produce good results even for non-experienced ones.
The BSA web page is http://bsa.isoftware.nl/.
Direct link for download: http://bsa.isoftware.nl/bsa.rar
Before using BSA it is necessary to read the manual. BSA is not an install-and-run program. For best results an appropriate configuration is required.
You can find a review about the tool here: Buster Sandbox Analyzer makes Sandboxie stronger
When I have time I will try to produce some video tutorials showing how to use BSA.
Buster_BSA- Member
- Posts : 87
Join date : 2010-07-21
Re: Buster Sandbox Analyzer
Thanks Buster. To be honest, I've never tried your tool. It sounds really rather excellent, and gets a lot of praise (no doubt deservedly).
I will try it out some time. Look forward to the video tutorials!
Stickied.
Re: Buster Sandbox Analyzer
Buster Sandbox Analyzer is intended for malware analyzers and people that like trying software from dubious sources.
Buster_BSA- Member
- Posts : 87
Join date : 2010-07-21
Re: Buster Sandbox Analyzer
ssj100 wrote: Stickied.
Correct... tried it but was not able to do so.
Ruhe- Valued Member
- Posts : 261
Join date : 2010-04-16
Location : Germany
Re: Buster Sandbox Analyzer
Released Buster Sandbox Analyzer 1.31.
Changes:
+ Improved malware behaviour detections.
+ Updated LOG_API library (normal and verbose).
+ Added a feature to delete sandbox folder contents.
+ Fixed some bugs.
Buster_BSA- Member
- Posts : 87
Join date : 2010-07-21
Re: Buster Sandbox Analyzer
Released Buster Sandbox Analyzer 1.33.
Changes:
+ Added a feature to run BSA from command line in automatic mode
+ Added Exeinfo support
+ Added extra information of dropped files
+ Updated BSA.DAT
+ Updated LOG_API
+ Fixed a bug
Buster_BSA- Member
- Posts : 87
Join date : 2010-07-21
Re: Buster Sandbox Analyzer
Released Buster Sandbox Analyzer 1.34.
Changes:
+ Added a feature to copy/move processed files in automatic mode
+ Added a feature to export RegHive to .REG format
+ Updated LOG_API
+ Removed HideDriver
+ Fixed a bug
Buster_BSA- Member
- Posts : 87
Join date : 2010-07-21
Re: Buster Sandbox Analyzer
Released Buster Sandbox Analyzer 1.36.
Changes:
+ Added support for ssdeep
+ Improved the support for DLL files
+ Report information can be selected individually
+ Updated BSA.DAT
+ Fixed several bugs
Buster_BSA- Member
- Posts : 87
Join date : 2010-07-21
Re: Buster Sandbox Analyzer
Released Buster Sandbox Analyzer 1.37.
Changes:
* Improved hiding feature
* Updated BSA.DAT
* Removed evaluation risk feature
* Fixed several bugs
Part of the improved hiding feature is the possibility of naming LOG_API.DLL with the file name you prefer.
Evaluation risk was removed from the malware analysis report because it was too misleading. Probably I will reintroduce the feature in the near future but in another format.
Buster_BSA- Member
- Posts : 87
Join date : 2010-07-21
Re: Buster Sandbox Analyzer
I forgot to comment on a new feature in version 1.37.
* Added "Version Information" feature. This feature will include a header in reports with the version and date of creation of reports.
Buster_BSA- Member
- Posts : 87
Join date : 2010-07-21
Re: Buster Sandbox Analyzer
Released Buster Sandbox Analyzer 1.38.
Changes:
+ Added risk evaluation module
+ Added several improvements
+ Fixed several bugs
Buster_BSA- Member
- Posts : 87
Join date : 2010-07-21
Re: Buster Sandbox Analyzer
Released Buster Sandbox Analyzer 1.39.
Changes:
+ Fixed several bugs.
Buster_BSA- Member
- Posts : 87
Join date : 2010-07-21
Re: Buster Sandbox Analyzer
Released Buster Sandbox Analyzer 1.40.
Changes:
+ Usability improvement in File Hash, File Scanner, File Signature and automatic analysis features: last used folder will be remembered
+ Usability improvement in File Hash, File Scanner and File Signature features: added drag and drop support
+ Added Exeinfo support to File Signature feature
+ Improved File Hash feature: all hashes can be checked at VirusTotal at once, VirusTotal reports can be saved to disk
Buster_BSA- Member
- Posts : 87
Join date : 2010-07-21
Re: Buster Sandbox Analyzer
Did anyone in this forum try BSA?
Buster_BSA- Member
- Posts : 87
Join date : 2010-07-21
Re: Buster Sandbox Analyzer
Released Buster Sandbox Analyzer 1.42.
Changes:
+ Added a feature to capture screen in video (VLC installation required)
+ Added a feature to report direct disk writing attempts (Sandboxie 3.59.01 or newer version required)
+ Fixed a bug
Buster_BSA- Member
- Posts : 87
Join date : 2010-07-21
Re: Buster Sandbox Analyzer
Released Buster Sandbox Analyzer 1.44.
Changes:
+ Changed the feature to not show UDP packets. Now the feature will ignore UDP packets from PCAP captures and reports
+ Added a feature to minimize BSA when the feature to do video capture is enabled
+ Added a feature to compress to ZIP sandbox folder contents when “Keep Sandbox Files” is enabled
+ Added information related to date of submission in VirusTotal reports
+ Added several improvements
+ Updated LOG_API
Buster_BSA- Member
- Posts : 87
Join date : 2010-07-21
Re: Buster Sandbox Analyzer
Released Buster Sandbox Analyzer 1.45.
Changes:
+ Added a feature to produce reports in PDF format
+ Added support for new malware behaviours: get volume information, alternate data stream creation
+ Updated LOG_API
Buster_BSA- Member
- Posts : 87
Join date : 2010-07-21
Re: Buster Sandbox Analyzer
Released Buster Sandbox Analyzer 1.46.
Changes:
+ Added a feature to include information from reports into a SQL database
+ Added a custom manager for BSA's SQL Database
+ Added a feature to load and save settings from file on demand
+ Added a feature to set a number of retries if connection to VirusTotal fails
+ Added a feature to automatically launch Explorer.exe in automatic mode
+ Added a feature to skip already processed files in automatic mode
+ Fixed several bugs
Buster_BSA- Member
- Posts : 87
Join date : 2010-07-21
Re: Buster Sandbox Analyzer
Released Buster Sandbox Analyzer 1.47.
Changes:
+ Added a feature to run BSA in automatic mode monitoring a folder for new files to analyze.
+ Added a feature to avoid processing files from a whitelist.
+ Improved analysis cancel event.
+ Fixed several bugs.
Buster_BSA- Member
- Posts : 87
Join date : 2010-07-21
Re: Buster Sandbox Analyzer
Released Buster Sandbox Analyzer 1.48.
Changes:
+ Added PDF statistics feature
+ Added support for a new malware behaviour: get computer name
+ Updated LOG_API
+ Fixed several bugs
Buster_BSA- Member
- Posts : 87
Join date : 2010-07-21
Re: Buster Sandbox Analyzer
Released Buster Sandbox Analyzer 1.49.
Changes:
+ Added support for XML reports
+ Added support for TLS hooks detection
+ Improved PDF Statistics
+ Updated LOG_API verbose versions to include FindFirst/NextFile support
+ Updated support for new VirusTotal web service
+ Fixed several bugs
Buster_BSA- Member
- Posts : 87
Join date : 2010-07-21
Re: Buster Sandbox Analyzer
Released Buster Sandbox Analyzer 1.50.
Changes:
+ Added multi-language support
+ Updated LOG_API
+ Fixed several bugs
Buster_BSA- Member
- Posts : 87
Join date : 2010-07-21
Re: Buster Sandbox Analyzer
Released Buster Sandbox Analyzer 1.51.
Changes:
+ Added a custom driver to hide Sandboxie's processes
+ Removed Hide Driver from package
+ Included new malware behaviour
+ Added File Renamer feature to utilities section
+ Updated LOG_API
Buster_BSA- Member
- Posts : 87
Join date : 2010-07-21
Re: Buster Sandbox Analyzer
Released Buster Sandbox Analyzer 1.52.
Changes:
+ Added support for HTML reports
+ Added a feature to remove sandbox folder contents automatically in manual mode
+ Included new malware behaviour
+ Updated LOG_API
+ Fixed several bugs
Buster_BSA- Member
- Posts : 87
Join date : 2010-07-21
Re: Buster Sandbox Analyzer
Released Buster Sandbox Analyzer 1.53.
Changes:
+ Added a new entry section to BSA.DAT: [Process_Code_Injection]
+ Added a new feature to dump executable processes in automatic mode
+ Added a feature that allows the user to select what behaviours must appear in the analysis report
+ Updated “Risk Evaluation Ratings”
+ Included new malware behaviour
+ Updated LOG_API
Buster_BSA- Member
- Posts : 87
Join date : 2010-07-21