DarkBlood wrote:After hours of searching info, I discovered another way, "run an executable file remotely" with Comodo Malware Analysis, is wonderful, you can upload a file and then you can view all the changes that have been made, registry keys added or changed, files, memory, threads, processes, autostart elements, etc.
okey? wrote:Here you find alot of solutions, and if you look around that forum you'll see many 0-day rootkits/more crap reversed and explained what they can do if you got em in your computer.
http://www.kernelmode.info/forum/viewto ... 3e56d0442c
Buster wrote:You have an extended list of that kind of webs here:
And in this forum you can find a program that using Sandboxie will do the same kind of analysis.
DarkBlood wrote:So congratulations and thank you for your program (Buster Sandbox Analyzer) and one question, you recommend me your program or SandboxDiff?
Oneder wrote:Here on the real system I run samples through a default sandbox monitored by BSA with the real system virtualised with Returnil (older version).
If a sample won't run sandboxed then I use a VM and monitor the install with Zsoft Uninstaller and even then some samples won't run so I upload to Virus Total to get an idea of what I've got.
Buster wrote:Because you don´t trust Returnil or because is more difficult to find droppers?
Buster wrote:So if I understand correctly you use a VM to run a sample when it doesn´t run under Sandboxie because you don´t have enough confidence on Returnil.
I´m working in BSA to make it able to analyze samples that don´t work under Sandboxie. I will use a third-party software to monitorize file/registry/processes/network. BSA will be able to process the information collected by this software.
This third-party software can run on a real system or in a VM machine. It´s always better to run a sample on a real system because some samples check for the presence of VMs meanwhile it´s more rare to find malware samples checking for software like Returnil or Deep Freeze.
Users browsing this forum: Majestic-12 [Bot] and 2 guests