Buster Sandbox Analyzer

This forum focuses on analyzing malware and any aspects of dealing with packer protections.
VirusBuster
Member
Posts: 85
Joined: Mon Aug 27, 2007 10:48 am

Buster Sandbox Analyzer

Post by VirusBuster »

Official site is:

http://bsa.isoftware.nl

And the tool can be downloaded from:

http://bsa.isoftware.nl/bsa.rar

Buster Sandbox Analyzer is a tool that has been designed to analyze the behaviour of processes and the changes made to the system, and then evaluate whether they are suspicious of being malware.
VirusBuster
Member
Posts: 85
Joined: Mon Aug 27, 2007 10:48 am

Post by VirusBuster »

Released Buster Sandbox Analyzer 1.33.

Changes:

+ Added a feature to run BSA from command line in automatic mode
+ Added Exeinfo support
+ Added extra information of dropped files
+ Updated BSA.DAT
+ Updated LOG_API
+ Fixed a bug
Silkut
Senior Member
Posts: 579
Joined: Fri Mar 31, 2006 11:29 am

Post by Silkut »

Hey VirusBuster,

Thanks for the contribution, I updated the page dedicated to this on the CRCETL

http://www.woodmann.com/collaborative/t ... x_Analyzer

:yay:
Please consider donating to help Woodmann.com stay online (here is why).
Any amount greatly appreciated. Thank you.
VirusBuster
Member
Posts: 85
Joined: Mon Aug 27, 2007 10:48 am

Post by VirusBuster »

Thanks for the information update, silkut!
VirusBuster
Member
Posts: 85
Joined: Mon Aug 27, 2007 10:48 am

Post by VirusBuster »

Released Buster Sandbox Analyzer 1.34.

Changes:

+ Added a feature to copy/move processed files in automatic mode
+ Added a feature to export RegHive to .REG format
+ Updated LOG_API
+ Removed HideDriver
+ Fixed a bug
VirusBuster
Member
Posts: 85
Joined: Mon Aug 27, 2007 10:48 am

Post by VirusBuster »

Released Buster Sandbox Analyzer version 1.35.

Changes:

+ Added HideDriver again
+ Added LOG_API version for 64 bit systems
+ Fixed several bugs
VirusBuster
Member
Posts: 85
Joined: Mon Aug 27, 2007 10:48 am

Post by VirusBuster »

Released Buster Sandbox Analyzer 1.36.

Changes:

+ Added support for ssdeep
+ Improved the support for DLL files
+ Report information can be selected individually
+ Updated BSA.DAT
+ Fixed several bugs
VirusBuster
Member
Posts: 85
Joined: Mon Aug 27, 2007 10:48 am

Post by VirusBuster »

Released Buster Sandbox Analyzer 1.37.

Changes:

* Improved hiding feature
* Updated BSA.DAT
* Removed evaluation risk feature
* Fixed several bugs

Part of the improved hiding feature is the possibility of naming LOG_API.DLL with the file name you prefer.

Evaluation risk was removed from the malware analysis report because it was too misleading. I will probably reintroduce the feature in the near future, but in another format.
VirusBuster
Member
Posts: 85
Joined: Mon Aug 27, 2007 10:48 am

Post by VirusBuster »

I forgot to comment on a new feature in version 1.37.

* Added "Version Information" feature. This feature will include a header in reports with the version and date of creation of reports.
Silkut
Senior Member
Posts: 579
Joined: Fri Mar 31, 2006 11:29 am

Post by Silkut »

Article updated on the CRCETL. :)
VirusBuster
Member
Posts: 85
Joined: Mon Aug 27, 2007 10:48 am

Post by VirusBuster »

Released Buster Sandbox Analyzer 1.38.

Changes:

+ Added risk evaluation module
+ Added several improvements
+ Fixed several bugs
VirusBuster
Member
Posts: 85
Joined: Mon Aug 27, 2007 10:48 am

Post by VirusBuster »

Released Buster Sandbox Analyzer 1.39.

Changes:

+ Fixed several bugs.
VirusBuster
Member
Posts: 85
Joined: Mon Aug 27, 2007 10:48 am

Post by VirusBuster »

Released Buster Sandbox Analyzer 1.40.

Changes:

+ Usability improvement in File Hash, File Scanner, File Signature and automatic analysis features: last used folder will be remembered
+ Usability improvement in File Hash, File Scanner and File Signature features: added drag and drop support
+ Added Exeinfo support to File Signature feature
+ Improved File Hash feature: all hashes can be checked at VirusTotal at once, VirusTotal reports can be saved to disk
VirusBuster
Member
Posts: 85
Joined: Mon Aug 27, 2007 10:48 am

Post by VirusBuster »

Released Buster Sandbox Analyzer 1.42.

Changes:

+ Added a feature to capture screen in video (VLC installation required)
+ Added a feature to report direct disk writing attempts (Sandboxie 3.59.01 or newer version required)
+ Fixed a bug
VirusBuster
Member
Posts: 85
Joined: Mon Aug 27, 2007 10:48 am

Post by VirusBuster »

Released Buster Sandbox Analyzer 1.44.

Changes:

+ Changed the feature to not show UDP packets. Now the feature will ignore UDP packets from PCAP captures and reports
+ Added a feature to minimize BSA when the video capture feature is enabled
+ Added a feature to compress sandbox folder contents to ZIP when “Keep Sandbox Files” is enabled
+ Added information related to date of submission in VirusTotal reports
+ Added several improvements
+ Updated LOG_API