Malware Analysis Online Services

[SysAdMini]

Online Malware Analysis Sandbox Comparison
http://ossectools.blogspot.de/2012/02/online-malware-analysis-sandbox.html

[dlipman]

Stefan told me about this 3 weeks ago, but i think joebox is much more better...

I currently submit all executables, all pdf's !!! and all rar and zips to joebox, I think reports are fantastic... to dig in deeper..

-- gerhard

Hi Gerhard:

Stefan has just released JoeSecurity Sandbox v5.0.  
It has been updated for multiple capabilities but most notable is its crunching Phoenix, Blackhole and other exploits.

I have attached data generated by JoeSecurity Sandbox v5.0 for the Blackhole site;  http://50.2.7.109/showthread.php?t=73a07bcb51f4be71

EDIT:

I have removed the PCAP, HTML report and BINs.  They were there long enough.  

[dlipman]

There is a new addition to the JoeSecurity.Org malware analysis lineup.

Joe Document Dissector (aka; Joe DD)

Joe DD - "Joe Document Dissector" is a free automated malware analysis platform for detecting malicious documents.

It opens documents in Acrobat Reader, Microsoft Office Word, Excel or Powerpoint and monitors the behavior of the application. With the help of over 200 generic behavior signatures it determines if the application behaves maliciously.

Currently Joe DD checks documents against the following applications / versions:

    * Acrobat Reader 8.1.2
    * Acrobat Reader 9.3.4
    * Acrobat Reader 9.4.6
    * Acrobat Reader 10.1.3
    * Office (Word, Excel, Powerpoint) 2003
    * Office (Word, Excel, Powerpoint) 2003 SP3
    * Office (Word, Excel, Powerpoint) 2007 SP3
    * Office (Word, Excel, Powerpoint) 2010 SP2


and provides additional data such as static file informations, process startup lists, created / dropped files and contact domains.

[SysAdMini]

Sandy, a new online service for #Java exploit analysis
http://exploit-analysis.com/sandy/index.php

Traditional malware sandboxes are built to analyze binary samples and you can submit binary files blindly to it with out knowing much about them. But that is not the case with exploit samples where a certain criteria’s needed to be satisfied for successful exploitation, like a document exploit might only work on Chinese xp box or a java exploit will only drop files on mac machine etc. And talking about java exploits, there is no sandbox that process java exploit at all. So their needs to be an intelligent specialized system that process these exploit samples.

Our aim is to build an exploit analysis engine specialized in processing file format exploits.

The main aim of sandy is to extract the embedded executable, dropped documents and url controllers from these file formats and provide attribution to the Attack groups and there technology. Sandy initial analysis it performs multiple static analysis, that included detecting simple XOR, ROL, ROR encryption, Packer detection, Signature scan,Shellcode Detection, Meta Data analysis, Entropy and Cryptanalysis, File version detection and finally provides the extracted analysis data after processing for download to the end user. Once the static analysis is finished the data generated is passed on to our dynamic analysis box for improved efficiency. All current systems out there blindly pass exploit samples to a dynamic sandbox. But sandy uses the static analysis data to do an intelligent dynamic analysis, there by making the system unique.

[SysAdMini]

Hybrid Analysis

https://www.hybrid-analysis.com/

Pure dynamic analysis is not enough anymore these days, as malware evolves and detects sandbox systems. Often, the real payload is not executed and triggered through timebombs or other mechanisms. Combining static with dynamic analysis in a hybrid solution is a next generation approach when it comes to malware analysis. As data load grows, we need performant and intelligent solutions. That is what we offer with our product VxStream Sandbox - a fully automated malware analysis solution with integrated Hybrid Analysis technology.