From Collaborative RCE Tool Library

Jump to: navigation, search

Buster Sandbox Analyzer

Tool name: Buster Sandbox Analyzer
Rating: 5.0 (1 vote)
Author: Buster                        
Current version: 1.81
Last updated: August 22, 2012
Direct D/L link:
License type: Free
Description: Buster Sandbox Analyzer is a tool that has been designed to analyze the behaviour of sandboxed processes and the changes made to system and then evaluate if they are malware suspicious.

The changes made to system can be of several types: file system changes, registry changes and port changes.

A file system change happens when a file is created, deleted or modified. Depending of what type of file has been created (executable, library, javascript, batch, etc) and where was created (what folder) we will be able to get valuable information.

Registry changes are those changes made to Windows registry. In this case we will be able to get valuable information from the modified value keys and the new created or deleted registry keys.

Port changes are produced when a connection is done outside, to other computers, or a port is opened locally and this port starts listening for incoming connections.

From all these changes we will obtain necessary information to evaluate the "risk" of some of the actions taken by sandboxed applications.

Watching all these operations in an easy and safe manner is possible thanks to Sandboxie (, an excellent tool created by Ronen Tzur.

Even if Buster Sandbox Analyzer´s main goal is to consider if sandboxed processes have a malware behaviour, the tool can be used also to simply obtain a list of changes made to system, so if you install a software you will know exactly what installs and where.

Additionally apart of system changes we can consider other actions as malware suspicious: keyboard logging, end the Windows session, load a driver, start a service, connect to Internet, etc.

All the above operations can be considered as not malicious but if they are performed when it´s not expected, that´s something we must take in consideration. Therefore it´s not only important to consider what actions are performed. It´s also important to consider if it´s reasonable certain actions are performed.

Program history :
Related URLs:
Forum thread with release announcements for this tool:
The tool used for data acquiry before analysis (Sandboxie):

RSS feed Feed containing all updates for this tool.

Here below you will find useful notes about this tool, left by other users.

You are welcome to add your own useful notes here, or edit any existing notes to improve or extend them.

Actually the official Buster Sandbox Analyzer website is:

Current version: 1.33

Thanks, I updated the link, version, date and put a direct download link.

If you find that any information for the tool above is missing, outdated or incorrect, please edit it!
(please also edit it if you think it fits well in some additional category, since this can also be controlled)

Category Navigation Tree
   Code Coverage Tools  (13)
   Code Ripping Tools  (2)
   Binary Diff Tools  (7)
   Image Diff Tools  (2)
   System Diff Tools  (5)
   Text Diff Tools  (6)
   Helper Tools  (3)
   Hex Editors  (13)
   Memory Patchers  (7)
   Packers  (20)
   Profiler Tools  (11)
   String Finders  (10)
   Tool Hiding Tools  (8)
   Tracers  (23)
   Needs New Category  (3)