A forum for reverse engineering, OS internals and malware analysis 

 #15732  by Buster_BSA
 Mon Sep 24, 2012 2:49 pm
Released Buster Sandbox Analyzer 1.79.

Changes:

+ Added “Edit BSA_USER.DAT” feature
+ Improved checks for typical error problems
+ Updated BSA.DAT
+ Updated LOG_API
+ Updated malware behaviors
+ Fixed several bugs
 #15733  by hanan
 Mon Sep 24, 2012 7:29 pm
Could you please tell me why to use BSA and not Cuckoo Sandbox (under VirtualBox, which doesn't have detection in malware yet, AFAIK)?

I have actually tried to use BSA, but I was overwhelmed by the amount of information I got, since I am used to the manual way (e.g. ProcMon, Regshot, and so on).
Maybe you could improve the output of the data in a more organized and categorized way, so that one can get a better idea of where to put their effort.
 #15734  by Buster_BSA
 Mon Sep 24, 2012 8:51 pm
Take a report generated by BSA and, using it, make another report in a more organized and categorized way. Then show me both so I can get an idea of what you would like to see.

Why use BSA and not Cuckoo? That's something you must decide after trying both.
 #15966  by Buster_BSA
 Fri Oct 12, 2012 5:30 pm
Released Buster Sandbox Analyzer 1.80.

Changes:

+ Included new malware behaviours at “Risk Evaluation Ratings”
+ Updated “URL Analyzer” feature
+ Updated BSA.DAT
+ Updated LOG_API
+ Updated malware behaviors
+ Updated HexDive
+ Fixed several bugs
 #16869  by Buster_BSA
 Tue Nov 27, 2012 7:14 pm
Released Buster Sandbox Analyzer 1.82.

Changes:

+ Added a feature to analyze Android applications
+ Added new malware behaviours
+ Included new malware behaviours at “Risk Evaluation Ratings”
+ Improved “Run Custom Command On Finish” feature
+ Updated LOG_API
+ Updated HexDive to version 0.6
+ Updated ExeInfo to version 0.0.3.2
+ Fixed several bugs
 #16955  by Buster_BSA
 Sun Dec 02, 2012 10:52 am
Released Buster Sandbox Analyzer 1.83.

Changes:

+ Added new malware behaviours
+ Added the possibility of including comments in BSA.DAT
+ Included new malware behaviours at “Risk Evaluation Ratings”
+ Optimized file string search
+ Updated BSA.DAT
+ Fixed several bugs
 #17170  by hanan
 Fri Dec 14, 2012 11:19 am
In a log after analyzing one of the components of Flame, I have got this entry:
Listed all entry names in a remote access phone book

What does it mean?
What can an attacker achieve with that?
What are the API calls used (generally) to achieve this rating?

THX.
 #17171  by Buster_BSA
 Fri Dec 14, 2012 11:34 am
hanan wrote: In a log after analyzing one of the components of Flame, I have got this entry:
Listed all entry names in a remote access phone book

What does it mean?
What can an attacker achieve with that?
What are the API calls used (generally) to achieve this rating?

THX.
It is raised when the API RasEnumEntries is used:

http://msdn.microsoft.com/en-us/library ... 85%29.aspx

An attacker could leak personal information from your computer.
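The reply above explains that the "Listed all entry names in a remote access phone book" rating is produced when a sample calls RasEnumEntries. The following is an added example, not BSA's own code, of how such an API-to-behaviour rating can be derived from an API call log: it parses a few constructed log lines in a hypothetical "[seq] process: API(args)" layout (an assumption; BSA's real LOG_API format is not reproduced here), folds the A/W suffixes of Win32 API names, and maps each known API to a behaviour description. Only the RasEnumEntries mapping comes from the thread; the RegOpenKeyEx entry and the sample lines are illustrative and constructed for this example.

```python
import re
from collections import Counter

# Constructed sample log lines (not real BSA LOG_API output). The layout
# "[seq] process: API(args)" is an assumption made for this example.
SAMPLE_LOG = """\
[0001] sample.exe: RasEnumEntries(lpszReserved=NULL, lpszPhonebook=NULL, lprasentryname=0x0012F000, lpcb=0x0012EFF8, lpcEntries=0x0012EFFC)
[0002] sample.exe: RegOpenKeyExA(hKey=HKLM, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run")
[0003] sample.exe: RasEnumEntriesW(lpszReserved=NULL, lpszPhonebook=NULL, lprasentryname=0x0012F100, lpcb=0x0012F0F8, lpcEntries=0x0012F0FC)
[0004] sample.exe: CreateFileW(lpFileName="C:\\temp\\out.bin")
this line is not an API record and is skipped
"""

# Behaviour ratings keyed by API name (A/W suffix removed).
# RasEnumEntries -> rating text is taken from the thread; the
# RegOpenKeyEx entry is a hypothetical mapping added for illustration.
BEHAVIOURS = {
    "RasEnumEntries": "Listed all entry names in a remote access phone book",
    "RegOpenKeyEx": "Opened a Run autostart registry key",  # hypothetical
}

LINE_RE = re.compile(
    r"^\[(?P<seq>\d+)\]\s+(?P<proc>\S+):\s+(?P<api>[A-Za-z0-9_]+)\((?P<args>.*)\)\s*$"
)


def normalize_api(name):
    """Fold the ANSI/Unicode variants (FooA / FooW) onto the base name Foo."""
    if len(name) > 1 and name[-1] in "AW" and name[-2].islower():
        return name[:-1]
    return name


def parse_line(line):
    """Return a dict for a well-formed API record, or None for any other line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {
        "seq": int(m.group("seq")),
        "proc": m.group("proc"),
        "api": normalize_api(m.group("api")),
        "args": m.group("args"),
    }


def rate_log(text):
    """Walk the log and emit (seq, api, behaviour) for every call with a known rating."""
    hits = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        behaviour = BEHAVIOURS.get(rec["api"])
        if behaviour:
            hits.append((rec["seq"], rec["api"], behaviour))
    return hits


def summarize(hits):
    """Count how often each behaviour was observed, for a compact report section."""
    return Counter(behaviour for _, _, behaviour in hits)


if __name__ == "__main__":
    hits = rate_log(SAMPLE_LOG)
    for seq, api, behaviour in hits:
        print(f"#{seq:04d} {api:<16} -> {behaviour}")
    for behaviour, count in summarize(hits).items():
        print(f"{count}x {behaviour}")
```

The point of the suffix folding is that RasEnumEntriesA and RasEnumEntriesW must map to the same rating, otherwise a sample calling the wide variant would slip past a table keyed only on the base name. The RAS phonebook holds the names of configured dial-up and VPN connections, which is why enumerating it is rated as an information-leak behaviour rather than as something more severe on its own; a reviewer would weigh it together with the other behaviours in the same report.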