[Buster_BSA]

I think the real reason no talented people bother with SB tools is because the author hypes it a lot and it's commercial

At least one talented guy bothered with SB: vallez, former 29A member.

http://vallejo.cc/?p=48

[EP_X0FF]

All this hiding is complete wasting of time. Yes you can smudge your code within the address space of the victim, use tandem of trampolines, morph handlers and so on, but it's not worth a damn, because the logger is working with the sandbox components, which are not possible to completely hide (without breaking their functionality) without sandbox native support. This is just a sandbox, not a VM.
I suggest Buster to only unlink dll from lists (or/and randomize/fake it name) and forget about everything else.

[Buster_BSA]

Released Buster Sandbox Analyzer 1.36.

Changes:

+ Added support for ssdeep
+ Improved the support for DLL files
+ Report informations can be selected individually
+ Updated BSA.DAT
+ Fixed several bugs

[Buster_BSA]

Released Buster Sandbox Analyzer 1.37.

Changes:

* Improved hiding feature
* Updated BSA.DAT
* Removed evaluation risk feature
* Fixed several bugs

Part of the improved hiding feature is the possibility of naming LOG_API.DLL with the file name you prefer.

Evaluation risk was removed from malware analysis report because it was too misleading. Probably I will reintroduce the feature in the near future but having other format.

[Buster_BSA]

Mr.Bojangles: Ldr->HashLinks thing should be fixed. Could you check if that´s right, please?

[Buster_BSA]

I forgot to comment a new feature in version 1.37.

* Added "Version Information" feature. This feature will include a header in reports with the version and date of creation of reports.

[Mr.Bojangles]

I'll check it out. I've been busy with some contracts lately, but still use the tool.

If you don't use the SB API and EP you can hide from everything except self-debugging with inline-hooking.

[Buster_BSA]

I'll check it out. I've been busy with some contracts lately, but still use the tool.

If you don't use the SB API and EP you can hide from everything except self-debugging with inline-hooking.

Thanks for checking!

What´s the meaning of EP? Entry Point?

[Buster_BSA]

Released Buster Sandbox Analyzer 1.38.

Changes:

+ Added risk evaluation module
+ Added several improvements
+ Fixed several bugs

[Buster_BSA]

Released Buster Sandbox Analyzer 1.39.

Changes:

+ Fixed several bugs.