~ Buster Sandbox Analyzer is a tool designed to analyze the behaviour of processes and the changes they make to the system, and then evaluate whether those changes are suspicious of malware.
~ The changes made to the system can be of several types: file system changes, registry changes and port changes.
~ A file system change happens when a file is created, deleted or modified. Depending on what type of file has been created (executable, library, JavaScript, batch, etc.) and where it was created (which folder), we will be able to get valuable information.
~ Registry changes are those made to the Windows registry. In this case we will be able to get valuable information from the modified values and from the newly created or deleted registry keys.
~ Port changes are produced when an outbound connection is made to another computer, or when a port is opened locally and starts listening for incoming connections.
~ From all these changes we will obtain the information needed to evaluate the "risk" of some of the actions taken by sandboxed applications.
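To make the three change categories concrete, here is a small added illustration (not BSA's own code or scoring logic) that turns constructed sandbox change records into findings and a verdict. The watched extensions, AutoStart locations and sensitive folders are assumed, user-configurable lists, and the record layout is invented for the demo.

```python
import ntpath

# Assumed, user-configurable lists; BSA lets the analyst define which file
# types to watch and which registry locations count as AutoStart entries.
WATCHED_EXTENSIONS = {".exe", ".dll", ".ocx", ".bat", ".vbs", ".js"}
AUTOSTART_KEYS = ("hkcu\\software\\microsoft\\windows\\currentversion\\run",
                  "hklm\\software\\microsoft\\windows\\currentversion\\run")
SENSITIVE_FOLDERS = ("\\windows\\system32\\", "\\appdata\\", "\\startup\\")

def evaluate(changes):
    """Turn change records (dicts with type 'file', 'registry' or 'port') into
    (severity, reason) findings. Deletions are recorded but not scored here."""
    findings = []
    for c in changes:
        if c["type"] == "file" and c["action"] != "deleted":
            path = c["path"].lower()
            ext = ntpath.splitext(path)[1]
            if ext in WATCHED_EXTENSIONS:
                # Where an executable lands matters as much as its type.
                sev = "high" if any(f in path for f in SENSITIVE_FOLDERS) else "medium"
                findings.append((sev, f"{ext} file {c['action']}: {c['path']}"))
        elif c["type"] == "registry":
            if c["key"].lower().startswith(AUTOSTART_KEYS):
                findings.append(("high", f"AutoStart entry {c['action']}: "
                                         f"{c['key']}\\{c['value']}"))
        elif c["type"] == "port" and c["direction"] == "listen":
            findings.append(("high", f"port {c['port']} listening for incoming connections"))
        elif c["type"] == "port":
            findings.append(("medium", f"outbound connection to {c['remote']}:{c['port']}"))
    return findings

def risk_level(findings):
    severities = {sev for sev, _ in findings}
    if "high" in severities:
        return "suspicious"
    return "needs review" if "medium" in severities else "clean"

# Constructed sample of what a sandboxed run might leave behind.
SAMPLE_CHANGES = [
    {"type": "file", "action": "created", "path": "C:\\Users\\Bob\\AppData\\Roaming\\update.exe"},
    {"type": "registry", "action": "set", "value": "Updater",
     "key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run"},
    {"type": "port", "direction": "connect", "port": 8080, "remote": "203.0.113.5"},
    {"type": "port", "direction": "listen", "port": 5555, "remote": None},
]

if __name__ == "__main__":
    for sev, reason in evaluate(SAMPLE_CHANGES):
        print(f"[{sev}] {reason}")
    print("verdict:", risk_level(evaluate(SAMPLE_CHANGES)))
```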
Brief list of BSA advantages:
Pros of Buster Sandbox Analyzer / Cons of other malware analyzers:
Buster Sandbox Analyzer will run on any computer where Sandboxie is installed and working. An Internet connection is not required.
Web-based malware analyzers require an Internet connection to be able to submit the sample to analyze and retrieve analysis results.
Buster Sandbox Analyzer will be able to analyze any kind of file type (EXE, BAT, VBS, PDF, XLS, DOC, ...). If the file can be executed, Buster Sandbox Analyzer will be able to analyze it.
Usually malware analyzers only process PE files (Win32 executables).
With Buster Sandbox Analyzer, if a library (DLL, OCX, ...) or other software is required, you can satisfy the requirement just by copying or installing whatever is necessary to get the application working properly.
Some other malware analyzers just run one program at a time. If a library or anything else is required, the analysis will fail and there is nothing you can do about it.
With Buster Sandbox Analyzer, if a program requires you to click a button to continue (e.g. installations and setups), you will be able to do it.
Other malware analyzers are "automatic" (unattended) and can only analyze programs that perform their actions directly, without human intervention. The analysis will stop if the program waits for the user to click "Next" or to tick an "Accept the agreement" checkbox, for example.
Buster Sandbox Analyzer shows information that can be clearly understood even by non-advanced users.
Other malware analyzers usually show a large amount of information when the analysis finishes. A never-ending list of used APIs can be intimidating for non-advanced users, and they will probably not be able to understand what they are seeing.
Buster Sandbox Analyzer is free of charge. You only need to pay for a Sandboxie license, which is very cheap and lifetime.
Web-based malware analyzers are free of charge but the service can be discontinued at any time. ZeroWine is free of charge but seems discontinued and Norman Sandbox is really expensive.
Buster Sandbox Analyzer can be configured. You can define what file types to watch, what registry entries must be considered as AutoStart locations, etc. You can configure BSA to save network traffic.
Other malware analyzers cannot be configured by the user.
With Buster Sandbox Analyzer, advanced users can enhance the analysis by running additional software inside the sandbox to retrieve more information, like Mark Russinovich's Process Monitor, Process Explorer, etc.
In other malware analyzers the analysis cannot be improved at all.
Buster Sandbox Analyzer is Windows version independent. It can be used in Windows 2000, Windows XP, Windows Vista or Windows 7.
Other malware analyzers will analyze the malware only under Windows XP, Windows Vista or Windows 7. If the malware is version dependent or crashes on a specific operating system, this will be a problem.
Buster Sandbox Analyzer can be configured to work in automatic mode, therefore it can process a batch of files.
Other malware analyzers don't analyze batches of files.
Buster Sandbox Analyzer can run on-demand in automatic mode from the command line. That means it can be incorporated into batch processes.
Other malware analyzers cannot work in this way.
Buster Sandbox Analyzer can automate the execution of most setups when running in automatic mode.
Other malware analyzers will be unable to analyze setups properly because they stop when the setup asks the user to press "Next" or another button.
Buster Sandbox Analyzer is native Windows software, therefore it's the right solution for analyzing Windows programs.
Other malware analyzers are Linux-based applications, therefore Windows support must be emulated. In those cases Windows compatibility is not 100%, so certain files may fail to be analyzed.
Buster Sandbox Analyzer can analyze multiple samples at the same time.
Other malware analyzers can only process one sample at a time.
Buster Sandbox Analyzer can be translated into your language, and you can do it yourself.
Other malware analyzers only support one language.
Buster Sandbox Analyzer can analyze a single URL or a list of them loaded from a file in automatic mode.
Other malware analyzers do not support analyzing URLs.
With Buster Sandbox Analyzer the time required between one analysis and the next is close to none.
Other malware analyzers must shut down the virtual machine, restore the snapshot, etc., which are time- and resource-consuming tasks.
Sandboxie, the framework used by Buster Sandbox Analyzer to perform malware analysis, is very fast and light, so it hardly takes any system resources.
Other malware analyzers use a virtual machine like VirtualBox, VMware, ... as the framework for malware analysis, which takes many system resources and is slow.
Buster Sandbox Analyzer is able to analyze 64-bit applications.
Other malware analyzers only analyze 32-bit applications.
VIDEO TUTORIAL: HOW TO SET UP AND USE Buster Sandbox Analyzer
DOWNLOAD BUSTER SANDBOX ANALYZER LATEST VERSION