A forum for reverse engineering, OS internals and malware analysis 

Forum for announcements and questions about tools and software.
 #23246  by Buster_BSA
 Sun Jun 29, 2014 8:14 pm
0.chloe wrote:An option that redirects all newly created files to a specific folder? (BSA does this, but does not work in most cases)
You mean Sandboxie, and it works in all cases: no files are written outside the sandbox folder.
 #23247  by rnd.usr
 Sun Jun 29, 2014 9:41 pm
Buster_BSA wrote:You mean Sandboxie, and it works in all cases: no files are written outside the sandbox folder.
Oh, yes I mean Sandboxie. I analyzed a sample a few days ago and an .ini was dropped but Sandboxie did not save the file. Cuckoo did a great job with the saving.

malwr: https://malwr.com/analysis/YmNhNTIxOTZj ... Y0YmZlYWU/

Test the binary in BSA and you'll see. Or am I doing something wrong?

(also, if a mod wants to move just this post to the BSA thread, please feel free)
 #23271  by Buster_BSA
 Thu Jul 03, 2014 7:18 am
The .bat file is created and then deleted. You can see that in LOG_API.TXT:
CreateFile(C:\Documents and Settings\Buster\Datos de programa\9004503.bat) [c:\m\test\f29e355693fc9169e02179fe510f56f6fc6975c2250dc794f25a0333e673e729.exe]
DeleteFile(C:\DOCUME~1\BUSTER\DATOSD~1\9004503.bat) [c:\windows\system32\cmd.exe]
Sandboxie does not save the file because the file would not be saved if you run the malware in a real system, so it is perfectly normal.
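An added example, not code from this thread or from BSA, Sandboxie or Cuckoo: a small Python routine that scans lines in the LOG_API.TXT format quoted above and reports files that were created and later deleted during the run, so the analyst knows which dropped files will not be left in the sandbox folder and must be recovered by other means (as Cuckoo did here). The log lines are constructed; matching on the file name only, to bridge the 8.3 short names in the DeleteFile entries, is an assumption of this example.

```python
import re

# Constructed sample in the LOG_API.TXT format quoted in the thread
# (not a real capture).
SAMPLE_LOG = r"""
CreateFile(C:\Documents and Settings\Buster\Datos de programa\9004503.bat) [c:\m\test\sample.exe]
CreateFile(C:\Documents and Settings\Buster\Datos de programa\config.ini) [c:\m\test\sample.exe]
DeleteFile(C:\DOCUME~1\BUSTER\DATOSD~1\9004503.bat) [c:\windows\system32\cmd.exe]
"""

# Assumed line shape: <API>(<path>) [<calling process>]
LINE_RE = re.compile(r'^(CreateFile|DeleteFile)\((.+)\)\s+\[(.+)\]\s*$')


def path_key(path):
    # The log mixes long names and 8.3 short names for the same directory
    # ("Datos de programa" vs "DATOSD~1"), which cannot be resolved offline,
    # so compare on the case-folded file name only (assumption).
    return path.replace('/', '\\').rsplit('\\', 1)[-1].lower()


def find_transient_files(log_text):
    """Return (transient, surviving).

    transient: files with a CreateFile followed by a DeleteFile in the run;
               these will not be present in the sandbox folder afterwards.
    surviving: files with a CreateFile and no later DeleteFile.
    Note: CreateFile also opens existing files, so an entry here means
    'touched', not necessarily 'newly created'.
    """
    created = {}
    transient = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # other API calls are not relevant here
        op, path, proc = m.groups()
        key = path_key(path)
        if op == 'CreateFile':
            created.setdefault(key, {'created_as': path, 'creator': proc})
        elif key in created:
            info = created.pop(key)
            info.update({'deleted_as': path, 'deleter': proc})
            transient[key] = info
    return transient, created


if __name__ == '__main__':
    gone, kept = find_transient_files(SAMPLE_LOG)
    for name, info in gone.items():
        print(f"transient: {name} created by {info['creator']}, deleted by {info['deleter']}")
    print('surviving:', ', '.join(kept))
```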
 #23273  by rnd.usr
 Thu Jul 03, 2014 9:27 pm
Buster_BSA wrote:Sandboxie does not save the file because the file would not be saved if you run the malware in a real system, so it is perfectly normal.
I understand that, but I want to have the file saved; it's essential for further investigating how the malware works.

So Sandboxie does not save dropped files?