[Buster_BSA]

Released Buster Sandbox Analyzer 1.59.

Changes:

+ Updated LOG_API
+ Updated PEiD's USERDB.TXT
+ Fixed several bugs

Note: This version contains important bugfixes.

[a_d_13]

Hello,

Have you ever considered adding a feature to output the report in JSON? It is much easier to parse and use than XML, IMHO :) It is not so hard to automatically convert from XML to JSON, either, but it would be nice to not need a converter.

Thanks,
--AD

[Buster_BSA]

Hello,

Have you ever considered adding a feature to output the report in JSON? It is much easier to parse and use than XML, IMHO :) It is not so hard to automatically convert from XML to JSON, either, but it would be nice to not need a converter.

Hello a_d_13.

No, I never thought about adding support for reports in JSON.

Are you using Buster Sandbox Analyzer and would like to get reports in that format?

Regards.

[a_d_13]

Hello,

Yes, I am using BSA, and yes I am currently converting from the XML reports to JSON using a Python script. I thought I would make a feature request so I did not have to do this.

Thanks,
--AD

[Buster_BSA]

Yes, I am using BSA, and yes I am currently converting from the XML reports to JSON using a Python script. I thought I would make a feature request so I did not have to do this.

I feel honored! :)

Please send me two or three XML/JSON files (paired) so I can take a look and see what it is the correct format output for JSON.

[Buster_BSA]

Released Buster Sandbox Analyzer 1.60.

Changes:

+ Added a feature to analyze URLs
+ Added an option at “SQL > Report Manager” feature to import records from an external database
+ Added support for JSON reports
+ Added a feature to avoid screensaver activation while an analysis is being performed
+ Updated LOG_API
+ Fixed several bugs

[Buster_BSA]

buster, my .exe calls writeprocessmemory 4 times, your tool only shows it is called 1 time, is it normal?

In version 1.60 I changed the way APIs are showed. From this version no APIs will be repeated, so if your .exe calls writeprocessmemory 4 times, only 1 will be displayed.

As I already commented, I do this because from a behavioural point of view it does not matter how many times an action is performed, it only matters the first time.

At the same time this change speeds up Buster Sandbox Analyzer.

[Buster_BSA]

Released Buster Sandbox Analyzer 1.61.

Changes:

+ Added a feature at “Risk Evaluation Ratings” to show hints related to malware behaviours
+ Modified the layout to show separately the file being processed from the number of files left to be processed
+ Added new malware behaviours
+ Included new malware behaviour at “Risk Evaluation Ratings”
+ Updated LOG_API
+ Fixed several bugs

[Buster_BSA]

Released Buster Sandbox Analyzer 1.62.

Changes:

+ Added a feature to patch LOG_API automatically
+ Updated LOG_API
+ Fixed several bugs

[EP_X0FF]

I found interesting article about BSA

http://holisticinfosec.blogspot.co.uk/2 ... ayzer.html