A forum for reverse engineering, OS internals and malware analysis 

 #18199  by Buster_BSA
 Wed Feb 13, 2013 10:24 pm
VirusTotal changed html format so BSA was unable to parse it properly.

I just updated BSA: added support for the new html layout and updated the SQL feature to support new av engines.

I hope I can release BSA 1.88 next week.
 #18406  by Buster_BSA
 Sat Mar 02, 2013 11:23 pm
After a few tests with Sandboxie version 4, and due to the major changes to the underlying architecture, I have come to consider that Sandboxie is not suitable for malware analysis anymore; therefore Buster Sandbox Analyzer development will be discontinued.
 #18408  by Buster_BSA
 Sun Mar 03, 2013 11:21 am
r3shl4k1sh wrote: Could you give some explanation as to why Sandboxie isn't suitable for malware analysis?
Ronen commented in a message:

"The way this works is Sandboxie reduces the permissions of the program to nothing, so the program has to go through Sandboxie to access resources, or else the resource access is guaranteed to fail. If Sandboxie thinks the access is ok, it will do the access on behalf of the program with the original permissions of the program. So Drop Rights can still determine if those original permissions will include Administrators or not."

In my opinion Sandboxie version 4.x is not suitable for malware analysis because it is too restrictive, and malware that used to run properly in version 3 now fails to run in version 4.

Ronen suggested emulating things at the LOG_API layer; the problem is that I do not have the skills to find out what must be emulated.
 #18410  by Buster_BSA
 Sun Mar 03, 2013 6:56 pm
r3shl4k1sh wrote: Keep using v3. As long as there isn't any 0day in it, it is still possible to use it. I don't think you should abandon your project so easily.
There are known bugs in version 3 and Ronen will not fix them because the version 3.x production line has been abandoned. In such conditions I will not continue the project.
 #18936  by France
 Sun Apr 14, 2013 3:24 pm
Buster_BSA wrote: There are known bugs in version 3 and Ronen will not fix them because the version 3.x production line has been abandoned. In such conditions I will not continue the project.
Sorrowfully, maybe you should make your own sandbox or reverse the 3.x version of Sandboxie? I think many interested people would join to develop the project. Why not?