Over the last couple of weeks, we have been very busy and have added new features to
Joe Sandbox. In this post, we are going to show you our favorites. These features cross the complete space of malware analysis analysis and include new visualizations, analysis and more.
Generic Classification
In order to quickly determine the malicious payload we have added a spider chart visualization to the analysis report:
Joe Sandbox also generates a new classification label:
All classification figures are available in the Joe Sandbox reports (XML, JSON) as raw formats. The complete classification algorithm is open and therefore enables customized tuning. Our spider charts help to quickly determine the type of the malware without requiring any in-depth technical understanding of the malware. By clicking on the malware icons you can get a detailed description. Besides the spider chart, we also introduced new pie charts for many analysis data as well as for the famous behavior graphs:
Example report:
Deep Static Analysis of OLE files
The static analysis includes code analysis and deobfuscation for VB macros. Documents with VB macros have become a common way to deliver payload to the end user system. With the new static code analysis deep analysis and detection of such malware is possible.
WMI Analysis
WMI is an extensive interface on Windows to query information about the system. It is also difficult to intercept and analysis. Therefore, it is often used by malware to detect and fingerprint the analysis system. With the latest release of Joe Sandbox all WMI activity is captured.
Inspection of HTTPS Traffic
Full HTTPS traffic inspection has been added to
Joe Sandbox Cloud. HTTPS analysis is also possible for URL analysis with IE.
950+ Behavior Signatures
We have developed many new behavior signatures. Our complete set has currently over
950 signatures. Many of the new signatures are highly advanced:
USB Fake Drive
Want to see if malware infects USB drives? Want to see if malware spreads via network shares? No problem! We have functionality to create a USB fake drive:
Network shares are simulated with our
Adaptive Internet Simulation Technology:
The features outlined are just a selection. There are various other extensions and improvements which were developed. We have also planned some great new features for 2016! So watch out!