There are a few popular online service which I am sure you have heard of such as VirusTotal, an online virus scanner that scans the file you upload with multiple (40+) antivirus and ThreatExpert, an online automated threat analysis which analyzes the file that you upload on check on what it does when it is ran on the computer. I personally use ThreatExpert a lot because I prefer to know what the file is doing rather than putting my full trust on the antivirus which sometimes gives us false detection. Other than ThreatExpert, I have previously mentioned CWSandbox, Anubis, Sunbelt Sandbox, Norman Sandbox and Comodo Instant Malware Analysis.
Here is another another online sandbox called Joebox to add in to the list of file behavior analyzers. JoeBox has been around since early 2008 and it is updated and improved periodically. 3 days ago JoeBox has been updated to 1.5.5 that fixes bug on big html files, added file written and key value queried section, increased HTML layout and fixed virtual machine guest time update bug.
The good thing about Joebox is you can set the file that you want to run in which version of Windows. By default Joebox runs the malware in XP SP3 but you can select to also run it on Vista SP2 and Windows 7 at the same time. Other than that, you can enable Joebox to get the network data (PCAP) and then open it with Wireshark to analyze the captured traffic.
You will need to enter a working email address because the analyzed report will be sent there. The report is generated in a HTML file and frankly speaking, the report might not be easy to interpret for non savvy computer users.
You may ask why do you need Joebox when there are other online file analyzers which provides report that is easier to understand? Joebox is a good alternative to other online sandbox because there are tools that can make a malware un-analyzable in online sandbox because of the “anti” features. Since Joebox is not the popular ones, chances of it getting blocked is low.
Make sure you only submit the binary file itself and not in compressed archive such as ZIP, RAR, 7z and etc. However if you are afraid that you might accidentally run the malware on your computer, you can submit the file without any extension and Joebox is able to automatically detect it as an executable file. A binary file means files with extension such as exe, dll, sys, doc, pdf…
[ Analyze File Behavior with Joebox ]
Related posts:
Excellent info, thanks Raymond. Always much appreciated .
thank u for your nice information
Thanks Ray…!!!
This may be off-topic, but on the subject of Raymond’s emails, why not just bookmark his main blog (this page) and with a single click arrive straight here?
I visit this site first thing in the morning each day. I check my mails later on, and it’s not even everyday.
Well, that’s my long way of saying it’s faster to reach Raymond’s blog than look for his email (if there’s any for the day), only to find faults in it (if any).
Just my two cents’ worth.
I like reading your full posts in my email id rather than just 2 lines. Sometimes the pictures dont load either even when i click on dislay images from this user.
Even so, Thanx alot raymond for all your posts.
U R DE BEST
Dear Ray,
I’ve bookmarked the Joebox page. Thanks
I don’t mind reading your articles but feel like I was misled on ending up here as it said I would get a free hide your ip program. Only programs I see here are free one’s I could get myself. Also you have that pop up screen saver happening which is usually malware if you download it.
Your Response to this Raymond.
Sincerely Yours
John Major
ya why is it truly john is right raymond..
but any way keep up the good work…
i am realy interested in your articles and read them even middle of bussy days……..
Hi Raymond,
Since some days we receive only part of your emails by subscrpition. Today only first 2 lines.
cool
this can be very helpfully
I love your reports, keep it up. -JP 12y.o.
Raymond – I love you man! You rock!!!