[Buster_BSA]

Released Buster Sandbox Analyzer 1.79.

Changes:

+ Added “Edit BSA_USER.DAT” feature
+ Improved typical error problem checkings
+ Udated BSA.DAT
+ Updated LOG_API
+ Updated malware behaviors
+ Fixed several bugs

[hanan]

Could you please tell me why use BSA and not Cuckoo sandbox (under VirtualBox which doesn't have detection in malware yet AFAIK) ?

I have actually tried to use BSA, but i was overwhelmed by the amount of information i have got, since i am used to use the manual way (e.g ProcMon, Regshot, and so on).
Maybe you could improve the output of the data in a more organized and categorized way, so that one can get a better idea on what to put his effort.

[Buster_BSA]

Take a report generated by BSA and using it make other report in a more organized and categorized way. Then show me both so I can get an idea of what you would like to see.

Why use BSA and not Cuckoo? That´s something you must decide after trying both.

[Buster_BSA]

Released Buster Sandbox Analyzer 1.80.

Changes:

+ Included new malware behaviours at “Risk Evaluation Ratings”
+ Updated “URL Analyzer” feature
+ Udated BSA.DAT
+ Updated LOG_API
+ Updated malware behaviors
+ Updated HexDive
+ Fixed several bugs

[Buster_BSA]

Released Buster Sandbox Analyzer 1.81.

Changes:

+ Updated LOG_API
+ Updated “URL Analyzer” feature
+ Updated “Check for Updates” feature
+ Fixed several bugs

[Buster_BSA]

Released Buster Sandbox Analyzer 1.82.

Changes:

+ Added a feature to analyze Android applications
+ Added new malware behaviours
+ Included new malware behaviours at “Risk Evaluation Ratings”
+ Improved “Run Custom Command On Finish” feature
+ Updated LOG_API
+ Updated HexDive to version 0.6
+ Updated ExeInfo to version 0.0.3.2
+ Fixed several bugs

[Buster_BSA]

Released Buster Sandbox Analyzer 1.83.

Changes:

+ Added new malware behaviours
+ Added the possibility of including comments in BSA.DAT
+ Included new malware behaviours at “Risk Evaluation Ratings”
+ Optimized file string search
+ Updated BSA.DAT
+ Fixed several bugs

[hanan]

in a log after analyzing one of the components of flame, i'have got this entry:

Listed all entry names in a remote access phone book

What does it mean?
What an attacker can achieve with that?
What are the API calls used (generally) to achieve this rating ?

THX.

[Buster_BSA]

in a log after analyzing one of the components of flame, i'have got this entry:

Listed all entry names in a remote access phone book

What does it mean?
What an attacker can achieve with that?
What are the API calls used (generally) to achieve this rating ?

THX.

It rises when the API RasEnumEntries is used:

http://msdn.microsoft.com/en-us/library ... 85%29.aspx

An attacker could leak personal information from your computer.

[kmd]

hi Buster.

do you still looking for ways of evading sandboxie from detection?