Buster

I fixed a bug that caused the message you posted to appear when LOG_API for x64 is used.
I also changed the way BSA works, and from the next version the window position will be moved to the center of the desktop only on demand.

Buster

Released Buster Sandbox Analyzer 1.73.

Changes:
+ Added “Launch Internet Explorer” feature
+ Added new malware behaviours
+ Improved “Report Manager” feature
+ Updated BSA.DAT
+ Updated LOG_API
+ Fixed several bugs

Buster

Notes about 1.73 release:

Added “Launch Internet Explorer” feature

This feature works on the same basis as "Launch Windows Explorer": some malware will show more behaviors if Internet Explorer is running. From version 1.73, if the "Launch Windows Explorer" or "Launch Internet Explorer" option is enabled, BSA will wait 10 seconds before it starts processing the file to analyze, in order to give Windows Explorer and/or Internet Explorer time to initialize in the sandbox.

Improved “Report Manager” feature

From version 1.73 it is possible to make searches in other parts of reports ("DESCRIPTION" field) and/or analysis reports ("ANALYSIS" field).

In version 1.72 I already added some checks to avoid common problems. In version 1.73 I added another check related to LOG_API. From version 1.73 BSA will check if the LOG_API version being used is up to date.

DrCoolZic

Many, many thanks: the version 1.73 you just released fixes all my problems.
For one, the "Window title does not match LOG_API string!" message is gone, and when using the "Remember window position" option the positions of ALL windows are correctly remembered. Thanks for your excellent program that provides a lot of extremely useful information on top of Sandboxie.

Jean

Buster

Released Buster Sandbox Analyzer 1.74.

Changes:
+ Added functionalities to locate bugs
+ Added analysis duration information to reports
+ Removed the option to include version information
+ Fixed several bugs

Buster

Notes about 1.74 release:

From this version, Buster Sandbox Analyzer will add to the SQL database only the first 100 dropped/modified/deleted files of the analyzed file.

Added functionalities to locate bugs

Version 1.74 is a special release that will help me to locate bugs in the application. With the help of software like DebugView (http://technet.microsoft.com/en-us/sysinternals/bb896647.aspx) I can trace a problem to its origin. This version also includes a module named EurekaLog that will generate a file named BSA.el with useful information to locate bugs in case the application crashes.

Added analysis duration information to reports

I added analysis duration information to reports.

Removed the option to include version information

From version 1.74, Buster Sandbox Analyzer will include version information in reports.

Buster

Released Buster Sandbox Analyzer 1.75.

Changes:
+ Updated HexDive to version 0.4
+ Removed functionalities to locate bugs
+ Fixed several bugs

Scrapie

Runs fine for me - thank you

Buster

Thanks for the feedback! I will release version 1.76 soon. It fixes a few more bugs, so it will be even more stable. The main change in the next version will be the introduction of a tool that will help to catch API hooks, and therefore new malware behaviors. I will also change the feature used to launch Internet Explorer and Windows Explorer. I introduced a generic feature to launch whatever application the user decides.

Buster

Released Buster Sandbox Analyzer 1.76.

Changes:
+ Added a feature to check for API hooks
+ Added “Launch Custom Applications” feature
+ Added new malware behaviours
+ Included new malware behaviours at “Risk Evaluation Ratings”
+ Removed “Launch Internet Explorer” and “Launch Windows Explorer” features
+ Fixed several bugs

Buster

Notes about 1.76 release:

Added a feature to check for API hooks

Thanks to Roberto Melacci from NoVirusThanks Company Srl (www.novirusthanks.org) for the Ring3 API Hook Scanner; now BSA can find API hooks. BSA will include a short reference to the hooks found in the report file and a detailed information list in the Hooks.TXT file. By default BSA filters the SbieDll.dll hook module and also all the modules injected through the "InjectDll" feature from Sandboxie.ini. You can include more excluded hook modules in the HooksExclude.TXT file. This new feature allows BSA to detect new malware behaviors.

Added “Launch Custom Applications” feature / Removed “Launch Internet Explorer” and “Launch Windows Explorer” features

I have removed "Launch > Internet Explorer" and "Launch > Windows Explorer" and added "Launch Custom Applications". This new feature is much more flexible than the previous one, when the list of applications to launch was fixed. Now the user can define which applications to launch before the analysis begins. The list of applications to launch is defined in the "Config\LaunchList.TXT" file, one application per line. Do not forget to include double quotes around the file path.

Something like this will be wrong:

C:\Program files\My test folder\application.exe

This will be fine:

"C:\Program files\My test folder\application.exe"

It's possible to include parameters, just like this:

"C:\Program files\My test folder\application.exe" -setup -log

Fixed several bugs

A few more bugs have been fixed. I have tested this version with thousand malware samples and it works fine.
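
The LaunchList.TXT rules given in the post above (one application per line, path in double quotes, optional parameters after it) can be checked before an analysis run. This is an added example, not part of the original post and not BSA's own code; `parse_launch_list`, `ENTRY` and `SAMPLE` are hypothetical names, the sample lines are constructed from the post's examples, and skipping blank lines is an assumption.

```python
import re

# Rule from the post: quoted path first, optional parameters after the
# closing quote, separated from it by whitespace.
ENTRY = re.compile(r'^"(?P<path>[^"]+)"(?:\s+(?P<args>\S.*))?$')


def parse_launch_list(text):
    """Split LaunchList.TXT content into valid entries and problems.

    entries:  (line_no, path, args) for lines that follow the rule
    problems: (line_no, reason) for lines that do not
    """
    entries, problems = [], []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:  # assumption: blank lines are ignored
            continue
        m = ENTRY.match(line)
        if m:
            entries.append((line_no, m.group("path"), m.group("args") or ""))
        elif not line.startswith('"'):
            problems.append((line_no, "path is not wrapped in double quotes"))
        elif line.count('"') == 1:
            problems.append((line_no, "closing double quote is missing"))
        else:
            problems.append(
                (line_no, "empty path or text directly after the closing quote"))
    return entries, problems


# Constructed sample: the post's wrong line, its two valid lines, and a
# line with an unterminated quote.
SAMPLE = r'''C:\Program files\My test folder\application.exe
"C:\Program files\My test folder\application.exe"
"C:\Program files\My test folder\application.exe" -setup -log
"C:\Program files\My test folder\application.exe
'''

if __name__ == "__main__":
    ok, bad = parse_launch_list(SAMPLE)
    for line_no, path, args in ok:
        print(f"line {line_no}: OK   path={path!r} args={args!r}")
    for line_no, reason in bad:
        print(f"line {line_no}: BAD  {reason}")
```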

Scrapie

Hi there

Not too sure if the "Launch Custom Applications” feature works here. BSA says in the status bar that it launches custom applications and will delay analysis for 10 seconds - but goes on without waiting. Explorer & Internet Explorer (in my case) are also not showing as active in the Sandboxie window under programs. My LaunchList.TXT looks like that:

I also noted BIG differences between v1.71 and v1.7.6 in Analysis.txt for the same files - see example below:

Cheers, Scrapie

Buster

Try changing the path to: C:\Windows\System32\dllcache

Could you provide a sample to test with and your configuration files (BSA.INI, BSA.DAT, BSA_USER.DAT), please? I will check what changed to cause this behavior.

Scrapie

Will do via email

//EDIT: Okay, what I think I found so far:

1.) Since v1.73 these things are not getting logged anymore here: Created a mutex Some entries under "Defined Log_API entry" - but not all of them which is strange computer name user name information volume information

2.) Launch Custom Applications "breaks" the analysis. BSA pretends to wait 10 sec. for them to get launched but carries on immediately, and then it seems to stop in the middle and a lot of events are therefore not getting logged. If this feature is disabled it works okay except for point 1.)

3.) Analysis duration from 1.72 to later versions is getting faster. Missing some steps?