Buster Sandbox Analyzer

(Today we have an interesting contribution from Pedro Lopez, who describes the Buster Sandbox Analyzer tool for those who do not already know it and invites anyone interested to collaborate on its development.)

Buster Sandbox Analyzer is a tool designed to analyze the suspicious behavior of applications, i.e. the actions typically carried out by malware. Typical examples are the program making a copy of itself elsewhere on the hard drive, modifying registry keys (for instance to run again at the next logon) or dropping files into the Windows installation directory, among others.

However, labelling an action as “dangerous” is not clear-cut: many of the actions considered suspicious are also routinely performed by legitimate applications (an installer, for example, writes files to system directories and adds its own registry keys). It is therefore essential to consider the overall context of the analyzed application: is it reasonable for the application under test to perform these actions?

Buster Sandbox Analyzer has been in development for three years and covers the functionality expected of a tool of this kind: it detects changes in the file system (creation, modification and deletion of files) and in the registry, records network connections, and includes many utilities to ease the analysis. The analysis can be run manually or, when the process needs to be automated, unattended, and several analyses can be run simultaneously.
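To make concrete what “suspicious behavior” and “context” mean in practice, here is a small added example (my addition to this post, not code from Buster Sandbox Analyzer or from its author): a rule-based classifier run over a constructed sandbox trace. The event format, the paths and hash values, the rule weights and the “profile” notion used to encode context are all assumptions made for the illustration; BSA’s real log format and its scoring are not shown here.

```python
"""Toy behavioral classifier in the spirit of a sandbox analyzer.

Added example for this post, not Buster Sandbox Analyzer's code: the event
records, paths, hashes, rule weights and profiles below are constructed for
the illustration and do not reflect BSA's real log format or scoring.
"""
from dataclasses import dataclass
import ipaddress

# Constructed facts about the sample under analysis (assumed, not from BSA).
SAMPLE_PATH = r"C:\Users\analyst\Desktop\sample.exe"
SAMPLE_SHA256 = "1f3a" * 16          # placeholder hash of the submitted binary
WINDIR = r"C:\Windows"
AUTORUN_KEYS = (
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce",
)
_LOCAL_NETS = [ipaddress.ip_network(n) for n in
               ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
                "127.0.0.0/8", "169.254.0.0/16")]


@dataclass
class Event:
    kind: str            # file_create | file_modify | file_delete | reg_set | net_connect
    target: str          # file path, registry value path, or "host:port"
    sha256: str = ""     # content hash for file_create/file_modify, else empty


def _under(path: str, prefix: str) -> bool:
    """Case-insensitive 'path is inside prefix' check for Windows paths."""
    p, q = path.lower().rstrip("\\"), prefix.lower().rstrip("\\")
    return p == q or p.startswith(q + "\\")


def _is_external(host: str) -> bool:
    """True unless the address is loopback, link-local or RFC 1918 private.

    Hostnames are not resolved and are treated as external.
    """
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return True
    return not any(addr in net for net in _LOCAL_NETS)


# (rule name, weight, profiles for which the behavior is expected, predicate)
RULES = [
    ("self_copy", 40, set(),
     lambda e: e.kind == "file_create" and e.sha256 == SAMPLE_SHA256
     and e.target.lower() != SAMPLE_PATH.lower()),
    ("self_delete", 20, set(),
     lambda e: e.kind == "file_delete" and e.target.lower() == SAMPLE_PATH.lower()),
    ("autorun_persistence", 30, {"installer"},
     lambda e: e.kind == "reg_set" and any(_under(e.target, k) for k in AUTORUN_KEYS)),
    ("write_windows_dir", 25, {"installer"},
     lambda e: e.kind in ("file_create", "file_modify") and _under(e.target, WINDIR)),
    ("outbound_connection", 15, {"network_client", "installer"},
     lambda e: e.kind == "net_connect" and _is_external(e.target.rsplit(":", 1)[0])),
]


def classify(events, profile="unknown"):
    """Return (score, findings); a finding is (rule, target, weight, expected).

    The profile encodes the analyst's context: a behavior that is expected for
    that kind of program is still reported, but with weight 0 so that it does
    not inflate the score.
    """
    findings, score = [], 0
    for e in events:
        for name, weight, expected_for, pred in RULES:
            if pred(e):
                expected = profile in expected_for
                w = 0 if expected else weight
                findings.append((name, e.target, w, expected))
                score += w
    return score, findings


# Constructed trace of a dropper-like run (not a real BSA capture).
DROPPER_TRACE = [
    Event("file_create", r"C:\Windows\System32\svchost32.exe", SAMPLE_SHA256),
    Event("reg_set", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svchost32"),
    Event("net_connect", "203.0.113.7:8080"),
    Event("file_delete", SAMPLE_PATH),
]

# Constructed trace of a benign installer, for contrast.
INSTALLER_TRACE = [
    Event("file_create", r"C:\Program Files\Tool\tool.exe", "beef" * 16),
    Event("reg_set", r"HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\ToolSetup"),
    Event("net_connect", "192.0.2.10:443"),
]

if __name__ == "__main__":
    for label, trace, prof in (("dropper", DROPPER_TRACE, "unknown"),
                               ("installer", INSTALLER_TRACE, "installer"),
                               ("installer", INSTALLER_TRACE, "unknown")):
        score, findings = classify(trace, prof)
        print(f"{label} (profile={prof}): score={score}")
        for name, target, w, expected in findings:
            print(f"  {name:<20} {w:>3} {'expected' if expected else '':<8} {target}")
```

The same installer trace scores 45 with an unknown profile and 0 when the analyst declares it an installer, which is exactly the point about context above: the raw events are identical, only the judgement about whether they are reasonable changes. A real analyzer would of course hash the dropped files rather than compare a supplied field, and would carry many more rules.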

I believe that at this time there are few missing features in Buster Sandbox Analyzer, and the main effort now is to extend the set of suspicious behaviors covered by the analysis. Because new malware techniques appear constantly, the set of “suspicious” actions keeps changing and the tool has to keep up. Through this post I would like to seek the cooperation of everyone interested in computer security and malware analysis: contribute ideas to improve the tool, especially behaviors that are not yet covered.

For more information, please visit the tool website at http://bsa.isoftware.nl/, where you will find all the documentation needed to install and configure the tool. There is also a video showing a Buster Sandbox Analyzer installation from scratch, available at http://bsa.isoftware.nl/framee.htm. For further information, please use the comments on this post or e-mail malware.collector [at] gmail.com directly.