[Q] Buster Sandbox Analyzer

Utilities designed for use with Sandboxie
Buster
Posts: 2576
Joined: Mon Aug 06, 2007 2:38 pm
Contact:

Re: [Q] Buster Sandbox Analyzer

Post by Buster » Fri Mar 28, 2014 12:24 pm

operat0r2 wrote:* maybe you could send your entire BSA setup with Sandboxie ini maybe im missing something some how ?
There is no relation between BSA and Sandboxie when it comes to retrieve results from VirusTotal. And the code which BSA uses to retrieve results from VirusTotal is pretty simple, so I can not imagine what the problem could be. :?

This is the first time I receive a bug report like this. I will try to reproduce the problem on a Windows 7 64 but I am afraid I will be unable.

Buster
Posts: 2576
Joined: Mon Aug 06, 2007 2:38 pm
Contact:

Re: [Q] Buster Sandbox Analyzer

Post by Buster » Tue Apr 22, 2014 7:43 pm

I finally was able to reproduce the problem.

The issue is not really in BSA. VirusTotal changed the way it works: some time ago you could check a virus report using directly the MD5 hash of the file, but not anymore.

I will make a change in BSA and will release a new update.

Sahand
Posts: 1
Joined: Wed Nov 26, 2014 6:40 am

Re: [Q] Buster Sandbox Analyzer

Post by Sahand » Wed Nov 26, 2014 9:46 am

Thanks for this great BSA tool. I'm studying on malware detection rules. I studied on this software and found about 200 different behavioral rules in it. All of them are based on API calls? checking Security softwares is based on checking their Running proccesses? Is their any public and classified source for gathering them? and if its possible introduce me some sources to study in this field. Thank U!

Buster
Posts: 2576
Joined: Mon Aug 06, 2007 2:38 pm
Contact:

Re: [Q] Buster Sandbox Analyzer

Post by Buster » Wed Nov 26, 2014 6:54 pm

Sahand wrote:Thanks for this great BSA tool. I'm studying on malware detection rules. I studied on this software and found about 200 different behavioral rules in it. All of them are based on API calls? checking Security softwares is based on checking their Running proccesses? Is their any public and classified source for gathering them? and if its possible introduce me some sources to study in this field. Thank U!
Not all are API based. They can be related to the creation of specific files/file types/file creation on certain locations, related to specific registry keys in certain locations, stuff related to processes, internet connections on specific ports, ...

There is not any public source for gathering them. There are articles published here and there but there is not a good and serious compilation as far as I know. Many of the malware behaviors I included in BSA I found them while developing the tool and doing malware analyses.

To find for sources I used "malware behaviors" in Google but as I told, there is not anything really good out there.

Locked

Who is online

Users browsing this forum: No registered users and 1 guest