Joe Sandbox Hypervisor is a modular and standalone hypervisor which does not derivate from an existing open source virtualization platform such as KVM and XEN. The hypervisor stealthy captures a wide range of data, including:
Due to its design Joe Sandbox Hypervisor enables analysis of any malware (including kernelmode rootkits) on virtual machines as well as on bare metal machines (real PCs, laptops etc). Malware often evades analysis on virtual machines (not bare metal) by detecting unique virtual machine arifacts. Analysis on bare metal with Joe Sandbox Hypervisor does not have this weakness.
Have a look at the behavior analysis reports generated by Joe Sandbox Hypervisor or contact Joe Security to schedule a technical presentation.
Joe Sandbox Hypervisor is implemented as a custom hypervisor which does not derivate from virtualization solution such as XEN and KVM. Due to this independence Joe Sandbox Hypervisor can run on any device, including virtual machines as well as bare metal.
Joe Sandbox Hypervisor enables to use a mix of virtual and physical analysis machines for analysis. Physical machines are very helpful in order to deal with evasive malware which may not run on virtual systems.
Joe Sandbox Hypervisor captures a wide range of dynamic data: system calls with arguments, kernel calls with arguments, usermode calls with arguments, access to mode memory areas (e.g. PEB), access to performance counters and execution of specific instruction (e.g. CPUID) by kernel and user code. Joe Sandbox's behavior analysis and detection greatly benefits from this extensive data, enabling the deepest analysis possible.
Joe Sandbox Hypervisor tracks access to memory areas, such as the Windows process environment block (PEB). Information about read and write greatly increases the chance to better detect and understand malware.
Joe Sandbox Hypervisor is running in seperated mode (ring - 1) which is hard for malware to detect. Joe Sandbox Hypervisor enables to run any malware including kernelmode rootkits. Again since Joe Sandbox Hypervisor runs in separate mode it is very difficult to be detected by malware.
Joe Sandbox Hypervisor analyzes malware with native speed and does't introduce any latency or delays. Joe Sandbox Hypervisor's code has been optimized to run highly efficient.
Have a look at the behavior analysis reports generated by Joe Sandbox Hypervisor or contact Joe Security to schedule a technical presentation.