[Buster_BSA]

Does it work as expected after the change?

[garack]

yes it works great :)

The only problem i have is to start malware that comes with a .dll not a .exe

i have a .dll that must be started with regsvr32, so i start the cmd via sanboxie and start the .dll via regsvr32, but the malware doesnt start as it should..

Is there a way you know to start .dlls via sandboxie ?

[Buster_BSA]

yes it works great :)

The only problem i have is to start malware that comes with a .dll not a .exe

i have a .dll that must be started with regsvr32, so i start the cmd via sanboxie and start the .dll via regsvr32, but the malware doesnt start as it should..

Is there a way you know to start .dlls via sandboxie ?

Starting a DLL is not trivial. It should have some function to install or do something, so you must look at the list of exported functions and then run something like:

rundll32.exe file.dll,installA

One example: Flame. Take a look here: http://blog.cuckoosandbox.org/2012/05/2 ... -in-flame/

[garack]

ok thanks; Strange think is that the malware is starting without sandboxie when i regsvr32 the DLL...

[Buster_BSA]

Probably due it has a DllMain function which performs operations.

[Buster_BSA]

Released Buster Sandbox Analyzer 1.74.

Changes:

+ Added functionalities to locate bugs
+ Added analysis duration information to reports
+ Removed the option to include version information
+ Fixed several bugs

[Buster_BSA]

Released Buster Sandbox Analyzer 1.75.

Changes:

+ Updated HexDive to version 0.4
+ Removed functionalities to locate bugs
+ Fixed several bugs

[Buster_BSA]

Released Buster Sandbox Analyzer 1.76.

Changes:

+ Added a feature to check for API hooks
+ Added “Launch Custom Applications” feature
+ Added new malware behaviours
+ Included new malware behaviours at “Risk Evaluation Ratings”
+ Removed “Launch Internet Explorer” and “Launch Windows Explorer” features
+ Fixed several bugs

[Buster_BSA]

Released Buster Sandbox Analyzer 1.77.

Changes:

+ Fixed several bugs

[Buster_BSA]

Released Buster Sandbox Analyzer 1.78.

Changes:

+ Added a feature to specify report folder in automatic mode
+ Improved “URL Analyzer” feature
+ Improved command line feature
+ Removed “Save Settings on Exit” feature
+ Fixed several bugs