
Re: [Q] Buster Sandbox Analyzer

Posted: Fri Mar 28, 2014 12:24 pm
by Buster
operat0r2 wrote:
* maybe you could send your entire BSA setup with Sandboxie ini maybe I'm missing something somehow?

There is no relation between BSA and Sandboxie when it comes to retrieving results from VirusTotal. And the code which BSA uses to retrieve results from VirusTotal is pretty simple, so I cannot imagine what the problem could be. :?

This is the first time I have received a bug report like this. I will try to reproduce the problem on a Windows 7 64 but I am afraid I will be unable to.

Re: [Q] Buster Sandbox Analyzer

Posted: Tue Apr 22, 2014 7:43 pm
by Buster
I finally was able to reproduce the problem.

The issue is not really in BSA. VirusTotal changed the way it works: some time ago you could check a virus report directly using the MD5 hash of the file, but not anymore.

I will make a change in BSA and will release a new update.

Re: [Q] Buster Sandbox Analyzer

Posted: Wed Nov 26, 2014 9:46 am
by Sahand
Thanks for this great BSA tool. I'm studying on malware detection rules. I studied on this software and found about 200 different behavioral rules in it. All of them are based on API calls? Checking security software is based on checking their running processes? Is there any public and classified source for gathering them? And if it's possible introduce me some sources to study in this field. Thank U!

Re: [Q] Buster Sandbox Analyzer

Posted: Wed Nov 26, 2014 6:54 pm
by Buster
Sahand wrote:
Thanks for this great BSA tool. I'm studying on malware detection rules. I studied on this software and found about 200 different behavioral rules in it. All of them are based on API calls? Checking security software is based on checking their running processes? Is there any public and classified source for gathering them? And if it's possible introduce me some sources to study in this field. Thank U!

Not all are API based. They can be related to the creation of specific files/file types/file creation in certain locations, related to specific registry keys in certain locations, stuff related to processes, internet connections on specific ports, ...

There is not any public source for gathering them. There are articles published here and there but there is not a good and serious compilation as far as I know. Many of the malware behaviors I included in BSA I found while developing the tool and doing malware analyses.

To find sources I used "malware behaviors" in Google but as I said, there is not anything really good out there.
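
Added example, not part of the thread and not BSA's own code or rule set: a small matcher showing how the four non-API rule categories named in the reply above (file creation by type and location, registry keys, processes, connections on specific ports) can be evaluated over a sandbox event log. The event format, rule names and patterns are assumptions constructed for illustration.

```python
import fnmatch

# Hypothetical rules, one per category named in the post (NOT BSA's rules).
# Globs are written lower-case with backslashes; values are normalised to match.
RULES = [
    {"name": "executable dropped in Startup folder", "kind": "file_create",
     "field": "path", "glob": "*\\start menu\\programs\\startup\\*.exe"},
    {"name": "autorun registry value written", "kind": "reg_set",
     "field": "key", "glob": "*\\software\\microsoft\\windows\\currentversion\\run\\*"},
    {"name": "process spawned from temp directory", "kind": "proc_create",
     "field": "image", "glob": "*\\appdata\\local\\temp\\*.exe"},
    {"name": "outbound connection on IRC port", "kind": "net_connect",
     "field": "port", "values": {6667}},
]

def match_rule(rule, event):
    """True if the event is of the rule's kind and its field satisfies the rule."""
    if event.get("kind") != rule["kind"]:
        return False
    value = event.get(rule["field"])
    if value is None:
        return False
    if "values" in rule:                      # exact-value rule (e.g. a port)
        return value in rule["values"]
    # Windows paths and registry keys are case-insensitive: normalise first.
    normalised = str(value).lower().replace("/", "\\")
    return fnmatch.fnmatchcase(normalised, rule["glob"])

def analyze(events):
    """Return (rule name, event index) for every rule hit, in event order."""
    return [(r["name"], i) for i, e in enumerate(events)
            for r in RULES if match_rule(r, e)]

# Constructed sample events; paths, key and address are made up (192.0.2.0/24
# is a documentation range).
SAMPLE_EVENTS = [
    {"kind": "file_create", "path": r"C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\upd.exe"},
    {"kind": "file_create", "path": r"C:\Users\test\Documents\notes.txt"},
    {"kind": "reg_set", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\upd"},
    {"kind": "proc_create", "image": r"C:\Users\test\AppData\Local\Temp\a.exe"},
    {"kind": "net_connect", "host": "192.0.2.10", "port": 6667},
    {"kind": "net_connect", "host": "192.0.2.10", "port": 443},
]

if __name__ == "__main__":
    for name, index in analyze(SAMPLE_EVENTS):
        print(f"event {index}: {name}")
```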