Collaborative RCE Tool Library - X86 Sandboxes (including sub-categories)

Tool Added: Pokas x86 Emulator for Generic Unpacking

2010-07-18T16:32:01Z

Listed in categories: Assembler IDE Tools, Assemblers, Automated Unpackers, Debuggers, Disassembler Libraries, Disassemblers, OEP Finders, PE Executable Editors, Programming Libraries, Tracers, Unpacking Tools, Virtual Machines, X86 Disassembler Libraries, X86 Emulators, X86 Sandboxes

Most recent version:
1.0.0.0

Most recent release date:
July 18, 2010

Description:
Pokas x86 Emulator is an Application-Only emulator created for generic unpacking and testing the antivirus detection algorithms.
This Emulator has many features some of them are:
1. Has an assembler and a disassembler from and to mnemonics.
2. Support adding new APIs and adding the emulation function to them.
3. Support a very powerful debugger that has a parser that parses the condition you give and create a very fast native code that perform the check on this condition.
4. Support seh and support tib, teb, peb and peb_ldr_data.
5. It monitors all the memory writes and log up to 10 previous Eips and saves the last accessed and the last modified place in memory.
6. it support 6 APIs:GetModuleHandleA, LoadLibrayA, GetProcAddress, VirtualAlloc, VirtualFree and VirtualProtect.
7. With all of these it's FREE and open source.

It successfully emulates:
1. UPX
2. FSG
3. MEW
4. Aspack
5. PECompact
6. Morphine

But it does contain bugs and it still in the beta version. It surely will be fixed soon ith the help of your feedback.

It still doesn't support multithreading and doesn't support Linux ELF executables.
It's still working only on windows but the Linux version will be available soon.

you can download it from https://sourceforge.net/projects/x86emu/

AmrThabet
amr.thabet_*at*_student.alx.edu.eg

Tool Added: Buster Sandbox Analyzer

2009-12-07T01:55:12Z

Listed in categories: File Monitoring Tools, File System Diff Tools, Network Monitoring Tools, Registry Diff Tools, Registry Monitoring Tools, X86 Sandboxes

Most recent version:
1.03

Most recent release date:
December 07, 2009

Description:
Buster Sandbox Analyzer is a tool that has been designed to analyze the behaviour of sandboxed processes and the changes made to system and then evaluate if they are malware suspicious.

The changes made to system can be of several types: file system changes, registry changes and port changes.

A file system change happens when a file is created, deleted or modified. Depending of what type of file has been created (executable, library, javascript, batch, etc) and where was created (what folder) we will be able to get valuable information.

Registry changes are those changes made to Windows registry. In this case we will be able to get valuable information from the modified value keys and the new created or deleted registry keys.

Port changes are produced when a connection is done outside, to other computers, or a port is opened locally and this port starts listening for incoming connections.

From all these changes we will obtain necessary information to evaluate the "risk" of some of the actions taken by sandboxed applications.

Watching all these operations in an easy and safe manner is possible thanks to Sandboxie (http://sandboxie.com), an excellent tool created by Ronen Tzur.

Even if Buster Sandbox Analyzer´s main goal is to consider if sandboxed processes have a malware behaviour, the tool can be used also to simply obtain a list of changes made to system, so if you install a software you will know exactly what installs and where.

Additionally apart of system changes we can consider other actions as malware suspicious: keyboard logging, end the Windows session, load a driver, start a service, connect to Internet, etc.

All the above operations can be considered as not malicious but if they are performed when it´s not expected, that´s something we must take in consideration. Therefore it´s not only important to consider what actions are performed. It´s also important to consider if it´s reasonable certain actions are performed.

Tool Updated: Sandboxie

2009-12-07T01:54:02Z

Listed in categories: File Monitoring Tools, File System Diff Tools, Network Monitoring Tools, Registry Diff Tools, Registry Monitoring Tools, X86 Sandboxes

Most recent version:
3.42

Most recent release date:
December 1, 2009

Description:
Sandboxie runs your programs in an isolated space which prevents them from making permanent changes to other programs and data in your computer.

You can also access all the changes that were made during the program execution.

Tool Added: Joebox

2009-03-26T20:06:46Z

Listed in categories: X86 Sandboxes

Most recent version:

Most recent release date:

Description:
Joebox is a simple sandbox application with a unique special concept. It is designed for automatic behaviour analysis of malware on Windows based operating systems.

Key Features:

* Modular design and structure
* XML and HTML based analysis reports
* 100% complete network traffic reports
* Applicable on Windows XP and Windows Vista
* No emulation or virtualization software necessary
* Ability to build and differentiate behaviour baselines
* Scalable to analyse several binaries at once
* Analyses exe, dlls and even sys
* Fully scriptable
* Simply extensible
* Highly configurable

Tool Updated: Anubis

2009-03-26T20:01:27Z

Listed in categories: X86 Sandboxes

Most recent version:

Most recent release date:

Description:
Anubis is a service for analyzing malware. Submit your Windows executable and receive an analysis report telling you what it does.

Tool Added: ThreatExpert

2009-03-26T19:57:26Z

Listed in categories: X86 Sandboxes

Most recent version:

Most recent release date:

Description:
ThreatExpert is an advanced automated threat analysis system designed to analyze and report the behavior of computer viruses, worms, trojans, adware, spyware, and other security-related risks in a fully automated mode.

In only a few minutes ThreatExpert can process a sample and generate a highly detailed threat report with the level of technical detail that matches or exceeds antivirus industry standards such as those normally found in online virus encyclopedias.

Good behavioral analysis!

Tool Updated: CWSandbox

2007-11-11T13:56:36Z

Listed in categories: X86 Sandboxes

Most recent version:
2.0

Most recent release date:

Description:
CWSandbox - Behavior-based Malware Analysis

Malicious software artifacts like viruses, worms and bots are currently one of the largest threats to the security of the Internet. Upon discovery, such malware must be analyzed to determine the danger which it poses. Because of the speed in which malware spreads and the large number of new malware samples which appear every day, malware analysis calls for automation. CWSandbox is an approach to automatically analyze malware which is based on behavior analysis: malware samples are executed for a finite time in a simulated environment, where all system calls are closely monitored. From these observations, CWSandbox is able to automatically generate a detailed report which greatly simplifies the task of a malware analyst.

Tool Added: Sunbelt Sandbox

2007-10-20T21:33:17Z

Listed in categories: X86 Sandboxes

Most recent version:

Most recent release date:

Description:
Submit a malware sample to our automated sandbox server to see what the malware would do to your computer if it were installed.

Tool Updated: Norman SandBox

2007-10-20T21:30:02Z

Listed in categories: X86 Sandboxes

Most recent version:

Most recent release date:

Description:
Norman Sandbox Information Center (NSIC) is a web site that offers

* Free uploads of program files that you suspect are malicious or infected by malicious components, and instant analysis by Norman SandBox. The result is also sent you by email.
* Comprehensive statistics of files that are uploaded to NSIC during the latest day, week and month. You will then be able to see tendencies in the creation of malicious software.
* In-dept information about the analysis performed by Norman SandBox of each malicious file that is uploaded.
* Search facility in all analyses after Registry keys, file names, etc.