Today we bring you exciting news. We have enhanced the Joe Sandbox Cloud URL reputation with Avira URL Cloud. Avira is a renowned German antivirus software, known to provide excellent malware detection rates.
To enable URL checks, go to the Submission Tab - Intelligence and select "Use third-party URL reputation lookup".
High-Value Reputation Checks for URLs from any source
How does Joe Sandbox Cloud's URL reputation work? Users (manually or via our extensive RESTful Web API) submit samples to Joe Sandbox Cloud. A sample can be either a URL or a binary file.
Joe Sandbox dynamically analyzes the file by executing it in a sandbox. During analysis, Joe Sandbox extracts URLs from several different sources, including:
Joe Sandbox captures the complete network behavior of the sample. For HTTP and HTTPS (with SSL inspection), URLs are automatically extracted.
Command Line Arguments
Malware often includes a list of several C&C URLs which are passed via the command line. However, only the first URL is contacted during execution. To get a deeper analysis, it is important to also extract URLs from command line arguments.
Memory and Binaries Data
Another very good source of URLs is memory, as well as binaries that have, for instance, been dropped by the malware. Joe Sandbox captures memory dumps at various execution points to detect unpacking and decryption. In addition, any dropped or touched file is preserved and scanned for URLs.
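The following Python example is added here and is not Joe Sandbox code. It pulls URLs out of a command line and a memory dump (ASCII and UTF-16LE strings) and marks the ones the network capture never saw, which is the gap the two sections above describe. The function names, source labels, sample data and .example hosts are assumptions constructed for the illustration.

```python
import re

# Allowed URL characters; the lookahead ends a URL where a "," or ";" is
# followed by another scheme, so separator-joined C&C lists split correctly.
URL_RE = re.compile(
    rb"https?://(?:(?![,;]https?://)[A-Za-z0-9\-._~:/?#\[\]@!$&()*+,;=%])+")
# Runs of printable UTF-16LE characters (wide strings in Windows memory).
WIDE_RE = re.compile(rb"(?:[\x20-\x7e]\x00){10,}")

def urls_from_bytes(blob: bytes) -> set:
    """Return URLs stored as ASCII or UTF-16LE text anywhere in blob."""
    chunks = [blob] + [m.group()[::2] for m in WIDE_RE.finditer(blob)]
    return {m.group().decode("ascii").rstrip(".,;)")
            for chunk in chunks for m in URL_RE.finditer(chunk)}

def collect(cmdlines, blobs, contacted):
    """Map each URL to the sources it was found in and whether it was contacted."""
    report = {}
    def add(url, source):
        entry = report.setdefault(
            url, {"sources": set(), "contacted": url in contacted})
        entry["sources"].add(source)
    for url in contacted:
        add(url, "network")
    for line in cmdlines:
        for url in urls_from_bytes(line.encode("utf-8", "ignore")):
            add(url, "cmdline")
    for name, blob in blobs.items():
        for url in urls_from_bytes(blob):
            add(url, name)
    return report

# Constructed sample data (not from a real analysis).
CMDLINES = [r'C:\Users\Public\upd.exe -s "http://c2-one.example/gate.php,'
            r'http://c2-two.example/gate.php;http://c2-three.example/gate.php"']
BLOBS = {"memdump": b"\x00\x01MZ" + "https://c2-four.example/cfg".encode("utf-16-le")
         + b"\x00\x00junk http://c2-two.example/gate.php\x00"}
CONTACTED = {"http://c2-one.example/gate.php"}

if __name__ == "__main__":
    for url, info in sorted(collect(CMDLINES, BLOBS, CONTACTED).items()):
        state = "contacted" if info["contacted"] else "never contacted"
        print(f"{url}  [{', '.join(sorted(info['sources']))}]  {state}")
```

Only one of the four URLs in the sample appears in the network capture; the other three would reach a reputation engine only because the command line and memory dump were scanned as well.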
Hybrid Code Analysis
Finally, Joe Sandbox performs extensive static code analysis on captured memory dumps. Disassembly often includes hidden strings which can be valid URLs.
All the extracted URLs are sent to reputation engines that Joe Sandbox Cloud Pro integrates with so far:
Each reputation engine provides a verdict. The verdict is used for various purposes, such as detecting more malware, lowering false positives, and providing insights for analysts. Below you can find a few excerpts from reports including reputation data:
Joe Sandbox Cloud more powerful than ever
Thanks to the Avira URL Cloud integration, Joe Sandbox Cloud Pro customers benefit from a high-value third-party reputation engine. This comes without any price change!
In contrast to many other vendors, Joe Sandbox extracts URLs from many sources and checks them against a series of five different reputation engines.
A lot of data combined with high-value reputation engines greatly increases the virus detection efficiency of Joe Sandbox!