Several remote services are available to analyze submitted programs or files for malicious content such as computer viruses or trojans. Among them is VirusTotal, which uses more than a dozen different antivirus engines to scan submitted files. All of them have one thing in common: they scan and analyze the files using signature databases and possibly heuristic methods, which means that they might miss malicious code. The benefit of a security scan in a remote secure environment is that the uploaded files or programs are actually executed and analyzed.
CW Sandbox is a web service with a frontend that looks similar to those of the other online virus scanners. What sets it apart is the remote secure environment that it uses to execute and analyze the uploaded files. It runs the file in a sandbox and logs all system activity connected to the file launch. The file analysis contains a summary as well as detailed changes to the file system, the Windows Registry and network activity, plus a technical summary with additional information.
Each report is divided into different categories. The File Changes section, for example, contains categories that list newly created, opened and deleted files, and a summary that lists all file operations in chronological order. The network activity analysis details the connections that have been established, including host names, IP addresses and whether data has been posted to one of those addresses.

The submit form on the project's website accepts files with a maximum size of 16 Megabytes. Zip files with up to 50 files can be uploaded to the service as well if the password is set to “infected”. A link to the file analysis will be sent to the email address that the user enters when submitting the files.
CW Sandbox is an excellent online service that provides an in-depth analysis of submitted files. The only drawbacks are the 16 Megabyte file size limit and that the reports are sent to an email address with an undefined wait time. A ticket system on the website showing the place in the queue and the estimated wait time would be really helpful for users who are submitting files to the service.
4 Responses to “Analyse Software In A Remote Secure Environment”
Service is mostly for advanced users. I submitted a file known to deploy malware. The results came within minutes and were very detailed, including all changes made to the system. However, you have to analyze those changes yourself to determine if it is malware. I could not find anywhere that said MALWARE DETECTED. So, it details the symptoms but gives no diagnosis.
There are a few similar online services, e.g. Anubis and ThreatExpert. Or you could just run it offline sandboxed, with a registry/traffic connection monitor.
http://anubis.iseclab.org/
http://www.threatexpert.com/