How To Easily Analyze and Get Detailed Report of Suspicious Files

Last year I showed you how to safely run untrusted programs in a virtual space using Sandboxie, so that if the program is a virus it won’t affect your computer. Whatever the file does to your computer, it only does the damage in the virtual space and your Windows installation remains safe. Not only does it protect your computer, it can also show you any files that were created and any registry changes. It is a very powerful security program, but computer beginners may find virtualization software tough to understand and use.

Loading a suspicious file into the sandbox is easy, but investigating the file with Sandboxie is no easy task. I’ve previously written a guide on how to investigate files using Sandboxie, but there is still a lot of computer knowledge involved. How nice it would be if you could just scan and analyze the suspicious file and have a highly detailed threat report generated automatically.

The good news is that now you can, and there is no need to install any software to analyze what the file actually does to your computer when you run it. In short, it is like running the suspicious file on a computer that doesn’t even exist and then being told what it does to that system. If the report states that the file is dangerous, you can simply delete it from your computer to stay safe.


Instead of using software to analyze untrusted file, here are some free web based sandbox service analyzes malware. Submit your Windows executable and receive an analysis report telling you what it does. All of them are an advanced automated threat analysis system designed to analyze and report the behavior of computer viruses, worms, trojans, adware, spyware, and other security-related risks in a FULLY AUTOMATED mode. There is a big difference between analyzing file with antivirus and sandbox. When using antivirus, you depend on its signature which sometimes can give you false positive. But with sandbox, you will know for sure if it is a dangerous file or not.

I used a trojan called “Bandook” and uploaded it to all 5 sandbox websites to determine which provides the best report.

1. ThreatExpert
Submit suspicious files to ThreatExpert for test
– File size limit of 5MB
– The report is made available to the public after submission.
– Report sent to your email
Note: I find that ThreatExpert is the best of the lot because it gives the most complete information about the trojan.
[ Submit File to ThreatExpert ]

2. CWSandbox
Submit suspicious files to CWSandbox for test
– File size limit of 16MB
– After file submission, you immediately get the report link
Note: Very accurate report; it is as good as ThreatExpert.
[ Submit File to CWSandbox ]

3. Anubis
Submit suspicious files to Anubis for test
– File size limit of 2MB
– Can either opt for web or email for report
Note: The report on where the trojan connects to is not accurate.
[ Submit File to Anubis ]

4. Sunbelt Sandbox
Submit suspicious files to Sunbelt Sandbox for test
– File size limit of 12MB
– Can either opt for web or email for report
– You can only receive the report link by email, so make sure you enter a correct email address
Note: Sunbelt Sandbox technology is provided by CWSandbox. Although it is the same technology, the report results differ. Sunbelt Sandbox is unable to give an accurate network activity report.
[ Submit File to Sunbelt Sandbox ]

5. Norman Sandbox
Submit suspicious files to Norman Sandbox for test
– Doesn’t specify the maximum file size
– Report sent to email only
Note: This is the worst of all. It doesn’t have a web report and doesn’t state the maximum supported file size. The worst part is that it didn’t detect Bandook as a threat!
[ Submit File to Norman Sandbox ]

Whenever you have a suspicious file and can’t decide whether to run it or not, submit it to VirusTotal first. If it doesn’t detect anything or gives you a 50/50 result, the next thing you should do is upload it to the online sandbox websites. Congratulations! You are now a virus/malware analyzer!
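A small pre-submission checklist in code, added here as an example and not part of the original article or any of the sandbox services: it computes the file’s hashes (so you can first look up an existing VirusTotal or sandbox report by hash instead of uploading the file, which matters because ThreatExpert publishes every submitted report), confirms the file really carries the MZ/PE signatures of a Windows executable, and lists which of the five services above accept a file of that size. The size limits are the ones stated in the article; the `SANDBOX_LIMITS` table, the function names and the sample bytes are this example’s own constructions, and the sample is not a real program.

```python
"""Offline triage of a suspicious Windows file before uploading it to a sandbox.

Added example, not code from the original article. The size limits come from
the article; everything else (names, sample data) is constructed here.
"""
import hashlib
import struct

# Size limits stated in the article, in bytes. Norman Sandbox publishes none,
# so it is recorded as None (always eligible as far as size is concerned).
SANDBOX_LIMITS = {
    "ThreatExpert": 5 * 1024 * 1024,
    "CWSandbox": 16 * 1024 * 1024,
    "Anubis": 2 * 1024 * 1024,
    "Sunbelt Sandbox": 12 * 1024 * 1024,
    "Norman Sandbox": None,
}


def file_hashes(data: bytes) -> dict:
    """MD5, SHA-1 and SHA-256 of the file: search these before uploading."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def is_pe_executable(data: bytes) -> bool:
    """Check the MZ and PE signatures without executing anything.

    A PE file starts with 'MZ'; the little-endian DWORD at offset 0x3C
    (e_lfanew) gives the offset of the 'PE\\0\\0' signature. A file whose name
    ends in .exe but fails this check is not a Windows executable at all.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 4 > len(data):
        return False
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def eligible_sandboxes(size: int) -> list:
    """Services from the article whose stated size limit the file fits under."""
    return [
        name for name, limit in SANDBOX_LIMITS.items()
        if limit is None or size <= limit
    ]


def triage(data: bytes) -> dict:
    """Everything worth knowing about the file before any upload."""
    return {
        "size": len(data),
        "hashes": file_hashes(data),
        "is_pe": is_pe_executable(data),
        "eligible": eligible_sandboxes(len(data)),
    }


def build_fake_pe(total_size: int) -> bytes:
    """Constructed sample: only the two signatures, padded to total_size.

    This is NOT a runnable program; it exists so the example runs offline.
    """
    header = bytearray(0x80)
    header[:2] = b"MZ"
    struct.pack_into("<I", header, 0x3C, 0x40)  # e_lfanew -> offset 0x40
    header[0x40:0x44] = b"PE\x00\x00"
    return bytes(header) + b"\x00" * (total_size - len(header))


if __name__ == "__main__":
    sample = build_fake_pe(3 * 1024 * 1024)  # constructed 3 MB sample
    result = triage(sample)
    print(f"size={result['size']} bytes, PE executable={result['is_pe']}")
    print("sha256:", result["hashes"]["sha256"])
    print("fits the size limit of:", ", ".join(result["eligible"]))
```

Run it against a real file by replacing `sample` with the file’s bytes; a 3 MB sample is rejected only by Anubis (2 MB limit), while a 6 MB one would also rule out ThreatExpert. Searching the SHA-256 first is the cheap step: if a report already exists you learn what the file does without ever sending it anywhere.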